Mailing List Archive

nmap max parallelism
I was looking to try to reduce the number of open connections through a
stateful firewall during the nmap phase.

During the scanning phase, all is right with the world, but during the nmap
phase, it makes about 2000 connections at a time per IP.

I tried the Ports scanned in parallel (--max_parallelism in nmap) but it is
not sent to nmap unless custom timing option is selected.

Can --max_parallelism be moved to normal options, rather than require custom
settings?
(well, everything is a custom setting!)

Michael Scheidell
SECNAP Network Security, LLC
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Re: nmap max parallelism
This may help in the interim...

We scan using nmap on the CLI, then put the open ports in the list in Nessus... yes, it still scans it at full speed, but it's generally a much smaller number of ports than a full 65k range. It keeps the load-balance software from losing heartbeat due to firewall load...

Maybe the Nessus solution is a field that passes items directly to nmap without having to understand the content? Could be problematic though...


> I was looking to try to reduce the number of open connections through a
> stateful firewall during the nmap phase.
>
> During the scanning phase, all is right with the world, but during the nmap
> phase, it makes about 2000 connections at a time per IP.
>
> I tried the Ports scanned in parallel (--max_parallelism in nmap) but it is
> not sent to nmap unless custom timing option is selected.
>
> Can --max_parallelism be moved to normal options, rather than require custom
> settings?
> (well, everything is a custom setting!)
>
> Michael Scheidell
> SECNAP Network Security, LLC
> Sales: 866-SECNAPNET / (1-866-732-6276)
> Main: 561-368-9561 / www.secnap.net

___________________________________________________
http://www.cirt.net/
Home of Nikto
Re: nmap max parallelism
On Mon 19/08/2002 at 22:07, sullo wrote:
> Maybe the Nessus solution is a field that passes items directly
> to nmap without having to understand the content?

Mmmmhhh... It wouldn't be great if it was a way to make the Nessusd
daemon execute any command as "root".
Looks dangerous.

For special nmap options, I prefer to scan first with nmap, save the
result to a file and upload it. Especially when I have to scan
through a firewall.
Anyway I agree that we should remove the "custom settings" option. It
does not look very useful. AFAIK, one can specify some -T option *and*
custom timing options with nmap.
Re: nmap max parallelism
"Michael Scheidell" <scheidell@secnap.net> writes:

> Can --max_parallelism be moved to normal options, rather than require custom
> settings?
> (well, everything is a custom setting!)

cvs log plugins/nmap_wrapper/nmap_wrapper.c
[snip]
revision 1.75
date: 2002/08/25 12:24:53; author: mikhail; state: Exp; lines: +24 -11
Added support for --data_length
-max_parallelism does not depend on "Custom timing" any more
[snip]
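
An added example, not part of the thread and not code from nmap_wrapper.c: it shows the alternative to the free-form pass-through field discussed above, where each preference is parsed as a typed value and placed into an argv array for an exec-style call, so nothing the user enters is interpreted as a command or as an extra nmap option. The function names, the 1 to 1024 range and the accepted target characters are assumptions made for the illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Accept only an all-digit string whose value lies in [lo, hi]. */
static int parse_bounded(const char *text, long lo, long hi, long *out)
{
    if (text == NULL || *text == '\0' ||
        strspn(text, "0123456789") != strlen(text))
        return -1;
    errno = 0;
    long v = strtol(text, NULL, 10);
    if (errno != 0 || v < lo || v > hi)   /* ERANGE covers overlong digit runs */
        return -1;
    *out = v;
    return 0;
}

/* Hostname or IP literal only; a leading '-' would be read by nmap as an option. */
static int target_ok(const char *t)
{
    if (t == NULL || *t == '\0' || *t == '-')
        return 0;
    for (; *t; t++)
        if (!isalnum((unsigned char)*t) && *t != '.' && *t != '-' && *t != ':')
            return 0;
    return 1;
}

/* Fill argv (room for 5 entries) for execvp(); no shell ever sees the values.
   Hypothetical helper: returns the argument count, or -1 on rejected input. */
int build_nmap_argv(const char *target, const char *max_par_pref,
                    char *numbuf, size_t numbuf_len, const char *argv[5])
{
    long par;
    if (!target_ok(target) || parse_bounded(max_par_pref, 1, 1024, &par) != 0)
        return -1;
    if (snprintf(numbuf, numbuf_len, "%ld", par) >= (int)numbuf_len)
        return -1;
    argv[0] = "nmap";
    argv[1] = "--max_parallelism";   /* option spelling as used in the thread */
    argv[2] = numbuf;                /* re-serialised number, not the raw text */
    argv[3] = target;
    argv[4] = NULL;
    return 4;
}
```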