> If this target IP really _drops_ all packets, definitely not. I'll > double check and keep you in touch anyway.
I scanned an IP with only 2 open ports on my LAN and all the other ports _dropped_: it takes 1min20s for 65k ports. But if I scan an IP that sends back ICMP from time to time, the scanner slow down dramatically. It took nearly 4 min for 111 ports, i.e. one day and half for a full scan. *However* my 2nd test was a worst case situation: the target was an unexisting IP, and a Linux gateway sent back ICMP "unreachable network". Normally, Nessus tries to estimate the RTT (ping time) to optimize the speed. Anyway, when the scanner receives ICMP, it seems that it computes a wrong RTT. I suspect that somehow, the Linux gateway bufferizes the ICMP packets. When the scanner receives scarce ICMP (or RST, if that could happen), it slows down and reruns passes (because this could be the symptom of an overloaded link). It gives up after 16 passes. There is no clean way to handle this case. _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
