Re: Problem with NMap Scans

From: whitehat (whitehaat@gmail.com)
Date: Tue Jan 29 2008 - 11:43:59 EST


Hi list,

I'm using the following options:

nmap -sS -P0 -p1-65535 -T4 x.y.x.z
nmap -sU -P0 -p1-65535 -T4 x.y.x.z

Normally the scan statistics should be like the following:

            with '-T4'         without '-T4'
SYN Scan    1.50hrs(apprx.)    3.40hrs(apprx.)
UDP Scan    1.50hrs(apprx.)    3.40hrs(apprx.)

I was able to complete these scans with other port scanning tools like
'Unicornscan', superscan, etc.

I'm not able to understand one thing!!!
Why is nmap failing to complete the scans in less time!!!!

Let us assume that there is a 'Firewall'.
Then how were the other tools able to complete those scans in less time,
even though the strategy that is being used by nmap is different?

cheers!!!!!!!!

Regards,
whitehaat.

Shaon Diwakar wrote:
> Hi whitehat,
>
> What other options are you using? Are you performing a full port scan (i.e. all 65535 ports) - UDP scans normally take a long, long time - but this is because UDP is connectionless. The docs have a very good explanation of why this technique takes a long time:
> http://nmap.org/man/man-port-scanning-techniques.html
>
> There may also be other non-nmap related issues going on here, for example a FW in between is doing something funny. Do you have problems using any other portscanner?
>
> Cheers,
> sHz
>
> ----- Original Message ----
> From: whitehat <whitehaat@gmail.com>
> To: pen-test <pen-test@securityfocus.com>
> Sent: Tuesday, 29 January, 2008 4:22:38 AM
> Subject: Problem with NMap Scans
>
> Hi List,
>
> I'm using NMap for port scanning and I never faced any problems.
> But in recent times when I scanned some systems it was showing nearly
> 8.00 hrs for SYN Scan and 19.00 hrs for UDP Scan to complete.
> I tried with '-T4' option which is aggressive in nature but it is of no use.
>
> Can anybody help with what is going on there?????
> Because we cannot wait up to 8.00 or 19.00 hrs if the Green Zone timings
> are on.
>
> Thanks in advance!!!!!!!!!!!!!!
>
> Cheers.......... :-)
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:22 EDT