DROP will add about 3 minutes to the total cost of the scan, because
you need to wait for timeout. This is the slowdown you're seeing.
However, during those three minutes you can scan 1, 10, or 10000
machines, and it will still take only three minutes.

To actually do this you'd probably need to increase nmap's
--max-parallelism parameter.


On Thu, Jan 08, 2004 at 10:29:23AM -0600, Thomas T. Veldhouse wrote:
> It slows down NMAP plenty ... are you saying it is not a good scanner?
>
> Tom Veldhouse
>
> P.S. I have to top post the reply because your email is an attachment and I
> have to cut'n'paste the original message ... I refuse to manually quote it
>
> ----- Original Message -----
> From: "Edward Faulkner" <edward@×××.EDU>
> To: "Thomas T. Veldhouse" <veldy@×××××.net>
> Cc: "Oliver Schad" <o.schad@×××.de>; <gentoo-security@l.g.o>
> Sent: Thursday, January 08, 2004 10:09 AM
> Subject: Re: [gentoo-security] firewall suggestions?
>
> As has already been pointed out, using DROP would not slow down a good
> scanner significantly. You could parallelize so that you can scan as
> many machines as you want, all within one timeout period.
>
> And it only takes one good coder to arm all the script kiddies with a
> good scanner.
>
> -Ed Faulkner
>