RE: Command Line RPC vulnerability scanner?

From: Paul Tinsley (pdtat_private)
Date: Thu Jul 31 2003 - 20:44:56 PDT


    I have run into the same thing scanning some class A or B address spaces.
    Your best bet, and what I ended up doing, is writing something that will take
    the output of an nmap ping scan and decide whether to run the entire subnet
    you are interested in or break it down.  For example:
    10.1.0.0
    
    Nmap ping scan finds 75 hosts in 10.1.1.0 so it runs that as a class C but
    only finds 3 addresses in 10.1.2.0 so it runs those individually.  It's the
    timeout of waiting for a 135 connection that is taking the tool so long.
    You just have to balance out the overhead of invoking the executable per IP
    as opposed to the overhead of timeouts on the network range you let it
    scan...
    
    Hope that helps, and wish I could share my code :(  Next time I will write
    it at home :)
    
    -----Original Message-----
    From: Schmehl, Paul L [mailto:paulsat_private] 
    Sent: Thursday, July 31, 2003 9:31 AM
    To: incidentsat_private
    
    I have both eEye's tool and ISS's tool.  I decided to run the ISS
    commandline scanner on our entire class B last night.  That way I could
    come in this morning and have a complete report of patch compliance.  Or
    so I thought.  When I got in to my office this morning, the ISS tool had
    been running for 15 hours and had reported on a total of 99 hosts.
    
    I don't know what's wrong with it, but something obviously is.
    
    Paul Schmehl (paulsat_private)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu/~pauls/ 
    
    > -----Original Message-----
    > From: Michael Wright [mailto:mcwrightat_private] 
    > Sent: Wednesday, July 30, 2003 1:25 PM
    > To: JAMIE CRAWFORD; incidentsat_private
    > Subject: Re: Command Line RPC vulnerability scanner?
    > 
    > 
    > Yes.  ISS provides one for windows:
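
The subnet-versus-single-host decision described in the reply above, as an added example; it is not the poster's code, which was never shared. It assumes nmap grepable output (`-oG`) from a ping scan, and the function names and the two cost parameters (per-invocation overhead and per-address port 135 timeout) are hypothetical values to be measured on your own network.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of grepable ping-scan output (not real scan data).
SAMPLE = "\n".join(
    ["# Nmap scan initiated (constructed sample)"]
    + [f"Host: 10.1.1.{i} ()\tStatus: Up" for i in range(1, 76)]
    + [f"Host: 10.1.2.{i} ()\tStatus: Up" for i in (5, 17, 200)]
    + ["Host: 10.1.3.9 ()\tStatus: Down"]
)

HOST_UP = re.compile(r"^Host:\s+(\S+)\s.*Status:\s+Up\b")


def live_hosts(grepable):
    """Return the IPv4 addresses that the ping scan reported as up."""
    hosts = []
    for line in grepable.splitlines():
        m = HOST_UP.match(line)
        if not m:
            continue
        try:
            hosts.append(ipaddress.IPv4Address(m.group(1)))
        except ValueError:
            continue  # skip anything that is not a plain IPv4 address
    return hosts


def plan_targets(grepable, invoke_cost=2.0, dead_timeout=0.5):
    """Pick, per /24, the cheaper of one ranged run or one run per live host.

    invoke_cost  - assumed seconds of start-up overhead per scanner invocation
    dead_timeout - assumed seconds lost waiting on port 135 per silent address
    """
    by_net = defaultdict(list)
    for ip in live_hosts(grepable):
        by_net[ipaddress.ip_network(f"{ip}/24", strict=False)].append(ip)

    targets = []
    for net in sorted(by_net):
        live = sorted(set(by_net[net]))
        # Usable addresses in the /24 that did not answer the ping scan.
        dead = max(0, net.num_addresses - 2 - len(live))
        ranged = invoke_cost + dead * dead_timeout   # one run over the whole /24
        per_host = invoke_cost * len(live)           # one run per live address
        targets += [str(net)] if ranged < per_host else [str(ip) for ip in live]
    return targets
```

With the assumed defaults, the 75-host subnet is handed to the scanner as a single /24 and the 3-host subnet as individual addresses; raising `dead_timeout` pushes every subnet toward per-host runs.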
    



    This archive was generated by hypermail 2b30 : Fri Aug 01 2003 - 09:24:52 PDT