attached is a script which, when activated on nessus scan, will check that the dst IP is not a "tarpitted" one. Average run time (from nessusd.messages) is a little under 15 seconds for non-tarpitted hosts. If you turn nmap loose on a tarpitted network, you could blow hours (if not days) scanning each host. Not only will it take you a long time to scan the network, but it will also falsely identify hosts and ports. this script has been working well for me against both "persist" and "non-persist" labrea networks. If anyone can see a way to optimize the test, please post it here... John Lampe https://f00dikator.hn.org/
This archive was generated by hypermail 2b30 : Tue Oct 23 2001 - 15:51:38 PDT