| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Mar 2008 15:00:08 +0100 From: Enno Rey <erey@...w.de> To: full-disclosure@...ts.grok.org.uk Subject: Re: Exploring the UNKNOWN: Scanning the Internet via SNMP! Hi, > all due to the unreliable nature of UDP. > > But the most important thing is, that if you do it large scale*, > you have to wait for some sort of reply anyways, > either TCP SYN|ACK or some application data. This time of "waiting" > can be used to SYN/request yet another 10,000 hosts. > Thus, how fast a scanner is does not depend on UDP or TCP, > it depends on the upper protocols. it mainly depends on the implementation of the scanner. We did some large scale internet SNMP scanning some time ago [see http://www.ernw.de/content/e7/e181/e671/download690/ERNW_026_SNMP_HitB_Dubai_2007_ger.pdf] and used our own scanning tool [http://www.ernw.de/download/snmpattack.pl]. Within the different releases of the tool there were _big_ differences as for the scanning speed. thanks, Enno -- Enno Rey Check out www.troopers08.org! ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 PGP FP 055F B3F3 FE9D 71DD C0D5 444E C611 033E 3296 1CC1 Handelsregister Heidelberg: HRB 7135 Geschaeftsfuehrer: Roland Fiege, Enno Rey _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists