Re: Nmap issues...? or router?

From: Stephen Perciballi (routergat_private)
Date: Sun Oct 07 2001 - 12:45:36 PDT

Next message: Ofir Arkin: "RE: DENY x REJECT"

Previous message: bluefur0r bluefur0r: "Nmap issues...? or router?"
In reply to: bluefur0r bluefur0r: "Nmap issues...? or router?"
Next in thread: Blake Frantz: "Re: Nmap issues...? or router?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've never seen nmap behave this way.   Only the opposite with UDP scans going slow.

If they are on a burstable T3, it could have been more established TCP connections using the presumable OC3, OC12 uplink.  Try tracerouteing to them and see where the latency is.  Another huge one we see alot of times is bad network segmentation.   If possible ask the client to clear counters first, then do the scan, then have them send you the sh int.  They could be getting a lot of collisions, whatever.  You may also want them to check a show proc cpu.  Unfortunately more information is required, however it would be far fetched to blame nmap.

bluefur0r bluefur0r wrote:

> After just completeing an audit for a company that has a DS-3 connection (shared) and a cisco router (2015), One of the first issues that was found was this: When nmaping using -sS and all ports, 1 nmap scan nmaping 1 host at a time appeared to completely destroy their bandwidth... Has anyone heard of this? Could this be a Router or ISP problem??? It took very long to complete because i needed to use the -T Polite option. I'm just curious if anyone else has ever encountered nmap using up all network resources for such a high volume connection. Any help would be appreciated so this never happens again. *Luckily I started after hours*
> blue
>
> =================================================================
> Kies een origineel e-mailadres op www.emails.nl
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Ofir Arkin: "RE: DENY x REJECT"
Previous message: bluefur0r bluefur0r: "Nmap issues...? or router?"
In reply to: bluefur0r bluefur0r: "Nmap issues...? or router?"
Next in thread: Blake Frantz: "Re: Nmap issues...? or router?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 09 2001 - 11:02:51 PDT