From: Lynx (lynx@enemy.org)
Date: Sat Jan 07 2006 - 14:13:52 EST
On Jan 07, 2006 at 0747 -0800, kataka@hush.com appeared and said:
> The problem is, if I try and scan for more than 1024 ports on a
> single host, my cheep-o Zoom DSL router/modem/switch/thingy starts
> to flake out, in the sense I can�t ping my DSL router any more and
> I loose connectivity to the Internet until I reset the router.
>
> I believe this is because Nmap is filling up my router�s NAT pool
> or something. I�ve looked at the config of the router and it�s only
> got a 1024 connection NAPT port limit that cannot be adjusted and
> timeouts measured in seconds as opposed to ms.
>
> What should I do? Are other people with low-end DSL routers able to
> overcome this problem?
You will have the same problems with a firewall's state table and other
networked equipment. You can reduce the stress for intermediate devices
by using nmap's -M switch in order to decrease the amount of parallel
sockets. -sS is also a lot nicer to TCP/IP stacks in between.
Furthermore the -T switch can be used to make nmap less aggressive. The
time for your scans will increase if you do this though.
Best,
Lynx.
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:20 EDT