lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 5 Mar 2008 14:21:01 +0100
From: Sebastian Krahmer <krahmer@...e.de>
To: Andrew A <gluttony@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Exploring the UNKNOWN: Scanning the Internet
	via SNMP!

Hi dude,

On Wed, Mar 05, 2008 at 04:54:16AM -0800, Andrew A wrote:

> hey dude, how is merely sending a single datagram not going to be faster
> than doing an entire handshake?
First, to know whether a TCP port is open you do not need
a complete handshake. A single TCP packet is enough.
I doubt that a single TCP packet is slower than a single UDP
packet.
Second you may need to send multiple (same) UDP packets
since remote peer's rate limiting does not send you back ICMPs;
all due to the unreliable nature of UDP.

But the most important thing is, that if you do it large scale*,
you have to wait for some sort of reply anyways,
either TCP SYN|ACK or some application data. This time of "waiting"
can be used to SYN/request yet another 10,000 hosts.
Thus, how fast a scanner is does not depend on UDP or TCP,
it depends on the upper protocols. Even complex protocols
such as SSH can be spoken very quickly and only require a little
more time (if at all) than walking a couple of SNMP OID's per host.
10,000+ hosts/s for a common application TCP protocol such as HTTP
is easy.

Do not bash me if a UDP app scan takes 10 minutes to succeed
and I need 11, we talk about *differences* :-)

* speaking about application level which needs some
  request/responses in both, UDP and TCP, cases

regards,
Sebastian

-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ