Re: Problem with NMap Scans

From: Nikhil Wagholikar (visitnikhil@gmail.com)
Date: Tue Feb 05 2008 - 02:29:16 EST


Hello Whitehat,

In UDP scanning, an open port is detected by no response and a closed
port is detected by an ICMP PORT UNREACHABLE (Code 3, Type 3) response.

Linux kernels limit ICMP error message rates, with Port Unreachable
set to 80 per 4 seconds, thereafter implementing a 1/4 second penalty
if the count is exceeded. This makes the scan slow!!

Besides this, what Richard narrated is also applicable many a time:
it depends on factors such as how the ISP handles ICMP traffic,
firewalls blocking or discarding ICMP traffic, etc.

Now, there are many workarounds for such situations. One method
includes running parallel UDP scans from more than one machine. Another
is to switch from NMAP to some other UDP port scanner like 'Fast
Port Scanner'.

More information: http://pcwin.com/Internet/Fast_Port_Scanner/index.htm

Besides Fast Port Scanner, there are a couple of other port
scanners too, like scanrand, ipeye etc. You can give these port
scanners a try as well and find out the difference for yourself.

---
Nikhil Wagholikar
Information Security Analyst
NII Consulting
Web: http://www.niiconsulting.com/

On Jan 31, 2008 10:44 AM, Richard Golodner <rgolodner@infratection.com> wrote:
> As UDP is a connectionless protocol, it can take a very long time to
> complete. There are also other factors involved such as how our ISP handles
> ICMP traffic, firewalls and just plain old slow computers scanning even
> slower ones. I have had to wait a long time to scan some of my friends'
> networks, and it has taken many, many hours. Best of luck to you.
>
>      most sincerely, Richard
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
> Behalf Of whitehat
> Sent: Monday, January 28, 2008 12:23 PM
> To: pen-test
> Subject: Problem with NMap Scans
>
> Hi List,
>
> I'm using NMap for port scanning and I never faced any problems.
> But  in recent times when I scanned some systems it was showing nearly
> 8.00 hrs for SYN Scan and 19.00 hrs for UDP Scan to complete.
> I tried with '-T4' option which is aggressive in nature but it is of no use.
>
> Can anybody help what is going on there?????
> Because we cannot wait up to 8.00 or 19.00 hrs if the Green Zone timings
> are on.
>
>
>
> Thanks in advance!!!!!!!!!!!!!!
>
>
> Cheers.......... :-)
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
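
Added illustration, not part of the thread: a small Python model of the rate limit Nikhil describes (80 Port Unreachable messages per 4 seconds, then one per 1/4 second), run against two probing schedules to show why a non-adaptive UDP scan either misreports closed ports as open|filtered or must slow to the limiter's pace. The limiter is a simplified assumption, not the kernel's code, and all port counts and timings are constructed.

```python
"""Toy model of the Linux ICMP Port Unreachable rate limit described in the
post and its effect on a UDP scan of closed ports. Constructed example."""

BURST = 80          # ICMP errors allowed per window (from the post)
WINDOW_MS = 4000    # window length, 4 s
PENALTY_MS = 250    # once the burst is spent, one error per 1/4 s

class IcmpRateLimiter:
    """Simplified per-target limiter; times are integer milliseconds."""
    def __init__(self):
        self.window_start = 0
        self.sent_in_window = 0
        self.last_sent = None

    def allow(self, now_ms):
        """True if the modelled kernel would emit a Port Unreachable now."""
        if now_ms - self.window_start >= WINDOW_MS:   # new window: burst refills
            self.window_start, self.sent_in_window = now_ms, 0
        if self.sent_in_window < BURST:
            self.sent_in_window += 1
            self.last_sent = now_ms
            return True
        if now_ms - self.last_sent >= PENALTY_MS:     # penalty: one per 250 ms
            self.last_sent = now_ms
            return True
        return False                                  # error silently dropped

def simulate_scan(probe_times_ms):
    """Probe one closed UDP port per listed time. Returns
    (elapsed_ms, ports_reported_closed, ports_reported_open_filtered)."""
    limiter = IcmpRateLimiter()
    closed = sum(1 for t in probe_times_ms if limiter.allow(t))
    return probe_times_ms[-1], closed, len(probe_times_ms) - closed

def fast_schedule(n_ports, interval_ms):
    """A scanner firing one probe every interval_ms regardless of replies."""
    return [i * interval_ms for i in range(n_ports)]

def paced_schedule(n_ports, interval_ms):
    """A scanner that spends the burst, then waits PENALTY_MS between probes."""
    times = [i * interval_ms for i in range(min(n_ports, BURST))]
    for _ in range(n_ports - len(times)):
        times.append(times[-1] + PENALTY_MS)
    return times

if __name__ == "__main__":
    for name, sched in (("fast, 100 pps", fast_schedule(1000, 10)),
                        ("paced        ", paced_schedule(1000, 10))):
        elapsed, closed, unknown = simulate_scan(sched)
        print(f"{name}: {elapsed / 1000:7.1f} s  closed={closed}  open|filtered={unknown}")
```

At 100 probes per second the fast scanner finishes 1000 closed ports in 10 s but gets an ICMP reply for only 268 of them; the paced scanner classifies all 1000 correctly and needs about 231 s, which is the trade-off behind the multi-hour UDP scans in the thread.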


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:23 EDT