Network Security Nessus-Users

Re: Scanning 65K ports on 45 subnets

Subject: Re: Scanning 65K ports on 45 subnets
Date: Mon, 23 May 2005 08:32:36 -0400
Generally when doing security scans of such a large magnitude, I try to
determine if all the hosts on these subnets are:
a. listening at all or not
b. which are important hosts (like servers etc.)
c. which are internet facing hosts
d. is nmap scanning really necessary (if you are specifying that option in your
plugin selection)?

I would first try to determine what service and transactional ports you may
have open on these hosts by targeting them in an initial nmap scan instead of
targeting the entire range, as this is what can make you grow old when trying
to scan a class B network.

The fine and very knowledgeable people here may have more to add to my list of
things to do.

If you think about it, even if your scan was running at a fast and the furious
pace, you would have a huge output which could take just as long, if not
longer, to sift through and analyze.  You may want to revisit the 65k port
option and even then try to determine which hosts to scan and which ones to
leave out, as you may have devices like printers etc. that may have one of those
IP addresses and which can be negated by a rule for file and print sharing.  To
illustrate this fact, just try to scan a subnet with nmap on all 65k ports and
see how long it takes you.  That may change your mind. Of course, all this is
immaterial if you have an anal boss who wants to have this done, in which case,
I would just bite the bullet and do it.


SS
  ----- Original Message ----- 
  From: Chad McDonald 
  To: nessus@list.nessus.org 
  Sent: Monday, May 23, 2005 8:00 AM
  Subject: Scanning 65K ports on 45 subnets


  I have Nessus running on 5 different machines, all running Suse 9.1.  I have
  adjusted the following scan options:
  Port range to all 65K+
  Number of hosts to test at the same time = 10
  Number of checks to perform at the same time = 5
  Optimize the test = enabled


  Prefs:
  Simultaneous connections = 10
  Network connection timeout = 2
  Network Read/write timeout = 2
  Wrapped service read timeout = 2

  These 5 boxes range from P2 400 MHz to P4 2.6 GHz.  When I attempt to scan even
  1 subnet with each box, the scan time is ridiculous to the point of making the
  results useless (typically 2 or 3 days, if it completes at all.)  Given that I
  have 45 class B subnets to scan, do any of you have any suggestions for
  remedying this problem?  I have seen other posts on this list where users are
  scanning with relatively low powered machines, and are not having the speed
  issues that I am.  As an added note, scanning from my OS X laptop I can scan
  one subnet in about 2 hours with the same settings.


  Thanks, 
  Chad McDonald, CISSP
  Chief Information Security Officer
  Georgia College & State University
  478.445.4473  Office
  478.454.8250 Cell
  478.445.1202 Fax
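The staged approach the reply recommends (find which hosts answer at all, drop the printers and similar devices, and only then spend the expensive port scan on what is left), written up as an added example; this is not code from either poster. It assumes nmap is installed for the two live functions, and the parsing is exercised on a constructed grepable (-oG) report with made-up addresses so it can be tried without touching a network.

```shell
#!/bin/sh
# Added example: inventory a large range in stages instead of running a
# 65K-port scan against every address in a class B.
# Assumption: nmap is on PATH for discover_hosts and scan_ports; nothing below
# the sample report is needed to try the parser offline.

# Stage 1: host discovery only (no ports), saved in grepable format.
discover_hosts() {            # $1 = range (e.g. 10.1.0.0/16), $2 = report path
    nmap -sn -oG "$2" "$1" >/dev/null
}

# Constructed sample of what such a report looks like; hosts are fictional.
write_sample_report() {       # $1 = path to write
    cat > "$1" <<'EOF'
# Nmap scan initiated as: nmap -sn -oG sweep.gnmap 10.1.0.0/16 (constructed sample)
Host: 10.1.0.1 (gw.example.edu)     Status: Up
Host: 10.1.0.2 ()                   Status: Down
Host: 10.1.2.15 (print1.example.edu) Status: Up
Host: 10.1.3.40 (www.example.edu)   Status: Up
# Nmap done -- 65534 IP addresses (3 hosts up) scanned
EOF
}

# Addresses reported Up, one per line (field 2 of each "Host:" line).
live_hosts() {                # $1 = grepable report
    awk '/^Host:/ && /Status: Up/ { print $2 }' "$1"
}

# Drop hosts the reply says to leave out (printers etc.).  $1 is a file with
# one address per line; an empty or missing file excludes nothing.
filter_excluded() {           # reads addresses on stdin
    if [ -s "$1" ]; then grep -v -x -F -f "$1"; else cat; fi
}

# Stage 2: the full port range only on the hosts that survived the filter.
scan_ports() {                # $1 = file of target addresses, $2 = report path
    nmap -p- -iL "$1" -oG "$2" >/dev/null
}
```

In a live run the sequence is discover_hosts, live_hosts piped through filter_excluded into a target file, then scan_ports on that file.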



  _______________________________________________
  Nessus mailing list
  Nessus@list.nessus.org
  http://mail.nessus.org/mailman/listinfo/nessus