Recent changes to nmap affects the time it takes to port scan a firewalled
host. This will in turn affect Nessus scans when nmap.nasl is used.
Reference: http://seclists.org/lists/nmap-dev/2004/Oct-Dec/0143.html (Nmap
Development: nmap-3.7x MUCH slower than nmap-3.55 against firewalled hosts)
The bottom line is that a port scan against a class C network may take days
instead of hours due to the way that nmap now handles ICMP unreachables.
The workaround for this issue is to pass additional parameters to nmap
namely (--max_scan_delay 0).
Neither nmap.nasl or the Nessus client (version 2.2.4) cater for this option
yet.
According to the nmap changelog, this option was first included with version
3.75
The changes to nmap.nasl are the following:
if (ver =~ "3.7[5-9]" || ver =~ "3.8")
{
script_add_preference(name: "Maximum wait between probes (ms)", value: "",
type: "entry");
}
p = script_get_preference("Maximum wait between probes (ms)");
if (p =~ '^[0-9]+$')
{
argv[i++] = "--max_scan_delay";
argv[i++] = p;
custom_policy ++;
}
Of course the option needs to be included in the client as well to be useful
for most people, but for those who use the command line version with custom
.nessusrc files, changes to nmap.nasl will help in the mean time.
Regards,
=======================================================
Herman Young Tel: +27 12 460 0880
SensePost Information Security Fax: +27 12 460 0885
http://www.sensepost.com | http://hackrack.co.za
=======================================================
host. This will in turn affect Nessus scans when nmap.nasl is used.
Reference: http://seclists.org/lists/nmap-dev/2004/Oct-Dec/0143.html (Nmap
Development: nmap-3.7x MUCH slower than nmap-3.55 against firewalled hosts)
The bottom line is that a port scan against a class C network may take days
instead of hours due to the way that nmap now handles ICMP unreachables.
The workaround for this issue is to pass additional parameters to nmap
namely (--max_scan_delay 0).
Neither nmap.nasl or the Nessus client (version 2.2.4) cater for this option
yet.
According to the nmap changelog, this option was first included with version
3.75
The changes to nmap.nasl are the following:
if (ver =~ "3.7[5-9]" || ver =~ "3.8")
{
script_add_preference(name: "Maximum wait between probes (ms)", value: "",
type: "entry");
}
p = script_get_preference("Maximum wait between probes (ms)");
if (p =~ '^[0-9]+$')
{
argv[i++] = "--max_scan_delay";
argv[i++] = p;
custom_policy ++;
}
Of course the option needs to be included in the client as well to be useful
for most people, but for those who use the command line version with custom
.nessusrc files, changes to nmap.nasl will help in the mean time.
Regards,
=======================================================
Herman Young Tel: +27 12 460 0880
SensePost Information Security Fax: +27 12 460 0885
http://www.sensepost.com | http://hackrack.co.za
=======================================================