Re: LaBrea

From: John Lampe (j_lampeat_private)
Date: Mon Oct 22 2001 - 10:37:34 PDT


attached is a script which, when activated on nessus scan, will check that
the dst IP is not a "tarpitted" one.  Average run time (from
nessusd.messages) is a little under 15 seconds for non-tarpitted hosts.  If
you turn nmap loose on a tarpitted network, you could blow hours (if not
days) scanning each host.  Not only will it take you a long time to scan the
network, but it will also falsely identify hosts and ports.  this script has
been working well for me against both "persist" and "non-persist" labrea
networks.  If anyone can see a way to optimize the test, please post it
here...


John Lampe
https://f00dikator.hn.org/








This archive was generated by hypermail 2b30 : Tue Oct 23 2001 - 15:51:38 PDT