Re: linux tuning for nmap/nessus

From: offset (offset@svcroot.net)
Date: Tue Mar 21 2006 - 16:44:44 EST

• Next message: Kevin Willock (IGSN Security): "Re: Script to create Style Sheet for Nessus XML"
• Previous message: GomoR: "Re: Masquerade windows as linux"
• In reply to: David M. Zendzian: "Re: linux tuning for nmap/nessus"
• Next in thread: Miguel Dilaj: "Re: linux tuning for nmap/nessus"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks for the suggestions, I'll read into those more.

Does anyone have any ideas on which kernel/tcp tuning parameters would be helpful to
investigate for large scale nmap/nessus scans? ( stuff in /proc, sysctl.conf, etc)

-off

On Mon, Mar 20, 2006 at 09:46:19PM -0800, David M. Zendzian wrote:
> Offset,
> The kernel does matter some, but overall the size of the box
> (cpu/memory) and the network connection will matter the most for
> large/extended scans.
>
> You may want to check (google) these options to see the best way of
> tuning based on the parameters available to your system:
> -T[0-5]: Set timing template (higher is faster)
> --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
> --min-parallelism/max-parallelism <msec>: Probe parallelization
> --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <msec>: Specifies
> probe round trip time.
> --max-retries <tries>: Caps number of port scan probe retransmissions.
> --host-timeout <msec>: Give up on target after this long
> --scan-delay/--max-scan-delay <msec>: Adjust delay between probe
>
> dmz
>
> offset wrote:
> >Greetings,
> >
> >Does anyone have any recommendations regarding kernel/tcp tuning for high
> >volume nmap/nessus type scans?
> >
> >linux kernel 2.6.9.34.EL
> >
> >I'm concerned about the machine freezing during an extended network scan
> >due to resource constraints on linux.
> >
> >The bulk of the nmap scans will be sT and sS.
> >
> >-off

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------

• Next message: Kevin Willock (IGSN Security): "Re: Script to create Style Sheet for Nessus XML"
• Previous message: GomoR: "Re: Masquerade windows as linux"
• In reply to: David M. Zendzian: "Re: linux tuning for nmap/nessus"
• Next in thread: Miguel Dilaj: "Re: linux tuning for nmap/nessus"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:43 EDT