On Thu, 2003-05-29 at 21:35, Kurt Seifried wrote:
> It sounds like your iSS/OS is patiently waiting for timeouts/etc, and if
> this is the case then a scan could take a very long time, especially if the
> target is configured to drop packets silently.
Do you scan UDP ports on Solaris targets ?
From the nmap manual :
Unfortunately UDP scanning is sometimes painfully
slow since most hosts implement a suggestion in RFC
1812 (section 4.3.2.8) of limiting the ICMP error
message rate. For example, the Linux kernel (in
net/ipv4/icmp.h) limits destination unreachable
message generation to 80 per 4 seconds, with a 1/4
second penalty if that is exceeded. Solaris has
much more strict limits (about 2 messages per sec
ond) and thus takes even longer to scan.
> Personally I'd use nmap/paketto
Yes, paketto is really a good choice for ultra-fast scanning and/or
heavily filtered hosts.
--
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoireat_private ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri May 30 2003 - 07:59:41 PDT