Something for the FAQ?

Here are a couple of reasons why your scan may be very slow:
1) very busy network
2) firewalled targets
3) limitation of ICMP rate

(3) will not slow down the TCP scan, only UDP.
(1) & (2) may slow down any scan. IMHO scanning a firewalled target is
not very wise.

You have several solutions:
a) limit the port range.
b) only scan TCP ports
c) use SNMP
d) Upload a nmap output

(a) is probably not a good idea, as you may miss some services.

(b) is better, as most services run on top of TCP. 
You may mix a full TCP port scan with a short UDP scan by selecting
two scanners, nmap & nmap TCP scan, and setting the "fast scan" option
in nmap. So, nmap will ignore the port range and only scan what is in
its services file, while the TCP scanner will test the full range.

(c) only works against badly configured targets: a snmpwalk may give
you the open ports. I just wrote a snmpwalk wrapper plugin that does
this (I sent the source code to the plugins-writers list).
If it works, it is very quick, but I would not recommend you
install an SNMP agent just to be able to scan your machines!
Maybe pen-testers will use this??

(d) is the best solution. In 1.1.x, Nessus can read an nmap output
file.
So, if you need to run Nessus several times, you only run nmap
once.

The simplest and slowest way to get this file is to run nmap:
nmap -oN output_file -sT -sU -O .... target1 target2 ...

To speed this up, you may run nmap locally on your targets, edit the
files to change localhost to the external name & IP, then concatenate
them and feed the full report into Nessus.

Another trick is to generate it from some other source, e.g. netstat;
nessus-tools/contrib/netstat2nmap.pl does this.

You need to get the open "inet" ports, as numbers (no symbolic names,
e.g. "telnet" instead of 23). The command varies.
It may be "netstat -a -n" or "netstat -a -n --inet" or
"netstat -a -n -AF inet" ...
Save each result to a file that has the same name as the machine. This
is IMPORTANT! netstat2nmap.pl uses the file name to know the origin of
the information. The directory does not matter.

Then run :
netstat2nmap.pl target1 target2 ... > full_report.nmap

-- 
mailto:[EMAIL PROTECTED]
GPG Public keys: http://michel.arboi.free.fr/pubkey.txt
http://michel.arboi.free.fr/    http://arboi.da.ru/
FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/

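An added example of the netstat-to-nmap conversion the message describes. This is not the netstat2nmap.pl from nessus-tools/contrib and not code from the message's author; it is a Python rewrite of the same idea, with the host name taken from the input file name as the message says. Assumptions: the report layout ("Interesting ports on host (ip):" followed by "port/proto  open  service" lines) is modelled on classic nmap -oN normal output and is not verified against what Nessus 1.1.x actually parses; the Linux and BSD netstat lines are constructed samples, not real captures; and dropping loopback-only listeners is my own addition (a scanner on the network could never reach them).

```python
"""Added example, not the netstat2nmap.pl from nessus-tools/contrib: turn
saved ``netstat -a -n`` output into a report shaped like nmap's normal
(-oN) output, one host per input file, the host name taken from the file
name as the post describes."""
import re
import socket
import sys
from pathlib import Path

# TCP states that mean a service is listening on the local port.
LISTEN_STATES = {"LISTEN", "LISTENING"}
# Local address is 0.0.0.0:22 / :::22 (Linux) or *.22 (BSD): the port is
# the digits after the last '.' or ':'.
_PORT_RE = re.compile(r"[.:](\d+)$")


def parse_netstat(text, skip_loopback=True):
    """Sorted (port, proto) pairs for listening TCP and bound UDP sockets.
    Loopback-only listeners are dropped by default (my addition): a scanner
    on the network cannot reach them, so importing them as open would only
    make the scanner test ports that never answer."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue                       # blank lines, section titles
        proto = fields[0].lower()
        if proto.startswith("tcp"):
            base = "tcp"
        elif proto.startswith("udp"):
            base = "udp"
        else:
            continue                       # column header, unix sockets
        m = _PORT_RE.search(fields[3])
        if not m:
            continue                       # "*.*" or a symbolic name
        host = fields[3][:m.start()]
        if skip_loopback and (host.startswith("127.") or host == "::1"):
            continue
        if base == "tcp" and fields[-1].upper() not in LISTEN_STATES:
            continue                       # ESTABLISHED, TIME_WAIT, ...
        found.add((int(m.group(1)), base))
    return sorted(found)


def service_name(port, proto):
    """Symbolic name from the local services file, or "unknown"."""
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return "unknown"


def nmap_report(hostname, ip, ports):
    """One host block in the assumed classic nmap -oN layout."""
    lines = [f"Interesting ports on {hostname} ({ip}):",
             "Port       State       Service"]
    for port, proto in ports:
        lines.append(f"{port}/{proto}".ljust(11) + "open".ljust(12)
                     + service_name(port, proto))
    return "\n".join(lines) + "\n"


def report_from_file(path):
    """File name = host name; the address is resolved, else reused as-is."""
    path = Path(path)
    try:
        ip = socket.gethostbyname(path.name)
    except OSError:
        ip = path.name
    return nmap_report(path.name, ip, parse_netstat(path.read_text()))


# Constructed sample (not a real capture), Linux "netstat -a -n" style.
SAMPLE_LINUX = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:50123      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*
Active UNIX domain sockets (servers and established)
unix  2      [ ACC ]     STREAM     LISTENING     12345    /run/x.sock
"""
# Constructed sample, BSD style: local address is written host.port.
SAMPLE_BSD = """\
tcp4       0      0  *.22                   *.*                    LISTEN
udp4       0      0  *.514                  *.*
"""

if __name__ == "__main__":
    # Usage: netstat2nmap.py host1 host2 ... > full_report.nmap
    # With no arguments, convert the constructed samples instead.
    reports = ([report_from_file(p) for p in sys.argv[1:]] or
               [nmap_report("web1", "192.0.2.10", parse_netstat(SAMPLE_LINUX)),
                nmap_report("bsd1", "192.0.2.11", parse_netstat(SAMPLE_BSD))])
    sys.stdout.write("\n".join(reports))
```

Run it the way the message runs netstat2nmap.pl, one saved netstat file per host named after that host, and redirect to the report file. Solaris-style netstat output, which has no protocol column, is not handled; the service column is filled from the local services file and does not affect the port list.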