By chance do you have a number of Solaris boxes that you are
scanning, Mark? I just did some cluster patches on a few systems running
Solaris 7 and 8 and the latest patches cause NMAP (and thus Nessus) to run
like molasses. I'm not sure what's going on yet, but I had another system
that I patched, but had not rebooted yet. Nessus scanned that box fine, but
after reboot the scan progressed at a snail's pace. The Nessus attacks run
quickly if you disable NMAP. The only difference was the patch clusters so
there is definitely something in there slowing the scans down for me.
Steve
-----Original Message-----
From: Fyodor [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 14, 2002 3:45 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Anyone else seeing NMAP weirdness?
On Mon, Oct 14, 2002 at 12:14:32PM -0400, [EMAIL PROTECTED] wrote:
>
> I know this isn't really a Nessus issue, but it certainly affects Nessus.
> Over the last 6 months or so, I have seen NMAP performance tank heavily on
> a number of Linux systems I administer. It is a particular problem with
> full NMAP scans such as 'nmap -sT -p 1-65535 target.txt'.
What version of Nmap are you using? I don't think any changes to Nmap
in the last 6 months would have made it slower, but you can always try
an earlier version from http://download.insecure.org/nmap/dist/?M=D .
If an earlier version actually is faster, I'd be interested in hearing
about that.
One likely culprit is that firewalls on your destination host have
changed. Filters which drop packets on the floor without an ICMP
unreachable are increasingly common, and '-p 1-65535' will take some
time against those hosts. When Nmap returns from a "slow" scan, does
it say something like 'The 65530 ports scanned but not shown below are
in state: filtered'? If so, I am working on speeding up that case.
With Nmap 3.10ALPHA3, you can try the new "--min_parallelism 30"
option, which may help dramatically. Let me know what happens.
Cheers,
Fyodor
http://www.insecure.org
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.