TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- Randy, Thanks for the question. "Divide and conquer" is the best approach - divide up your hosts into host lists based on OS, and then scan the host lists with the appropriate OS-specific policy. This will ensure that you are running only the necessary checks against each host, and subdividing your hosts into host lists will allow you to estimate time and more effectively restrict your scanning to business hours: if each host list is 1000 hosts (or some other number) and you use an L4 Server policy for each, you can get a pretty clear estimate of the time necessary for all 6,000 based on the IS took to scan the first list. I hope that helps. Please let me know if you have any questions. Regards, Patrick Patrick Wheeler Product Manager Internet Security Systems, Inc. 2606 Barfield Rd. Atlanta, GA 30328 ph. 404.236.2818 / fax 404.236.2614 +++ Internet Security Systems - The Power to Protect +++ -----Original Message----- From: Randy Reitz [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 1:43 PM To: [EMAIL PROTECTED] Subject: Internet Scanner: Estimating time required to complete a scan. TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- I performed the first scan on my site and found that with my current hardware, it took the IS 4:30 hours to scan 6088 hosts using the "L2 Classification" policy (22 vulnerabilities). I'm wondering how log it will take to complete this scan using the "L4 NT Server" policy (284 vulnerabilities)? Of the 6000 hosts, about 1/3 are of the NT variety. My question is: does the scan engine try NT vulnerabilities against hosts that are not identified as NT? I suspect that OS detection occurs every time the scan engine runs. If the IS scan engine identifies a host as "UNIX", will it still try to execute vulnerabilities designed for NT? Or will it "skip" UNIX hosts? I don't want a scan to run outside of business hours. I would like to keep my scan duration to 6-8 hours. Any suggestions concerning estimating the scan elapse time would be appreciated. Thanks Randy Reitz
RE: Internet Scanner: Estimating time required to complete a scan.
Wheeler, Patrick (ISSAtlanta) Thu, 26 Apr 2001 16:03:09 -0700
- Internet Scanner: Estimating time required t... Randy Reitz
- RE: Internet Scanner: Estimating time r... Wheeler, Patrick (ISSAtlanta)
- RE: Internet Scanner: Estimating ti... Stephen Tihor
- Re: Internet Scanner: Estimating time r... gsuarez
- Re: Internet Scanner: Estimating time r... Gary Flynn
- Re: Internet Scanner: Estimating ti... Stephen Tihor
- RE: Internet Scanner: Estimating time r... Lanzilotta, Chris S. (MBS)
- Re: [issforum] RE: Internet Scanner... Stephen W. Thompson
- RE: True IDS testing?? mht
- RE: Internet Scanner: Estimating time r... Yong, David
- RE: Internet Scanner: Estimating time r... Evans, Richard T., LIWA
- RE: Internet Scanner: Estimating time r... Yong, David
