Network Security Pen-Test

Re: Fast UDP scan

Subject: Re: Fast UDP scan
Date: Wed, 22 Aug 2007 07:05:00 +0200
Hi Attari,

First of all, UDP port scanning is a slow procedure if you are not on
the same network and you're not scanning a machine which is firewalled
and doesn't respond with ICMP messages.

If I'm not mistaken, UDP port scanning works like this: you send a UDP
packet to a UDP port and if you do NOT get an ICMP packet back with the
error message "ICMP Destination Unreachable: Port Unreachable" you may
consider the port as open.

The problem with this is if you scan a host which is firewalled you
may not receive the error message and it may result in all ports
reported as open. Another issue is that ICMP is considered as a low
profile protocol and has lower priority than for example TCP, so if
the machine that you are scanning is receiving a lot of traffic it may
queue up those ICMP messages and you simply won't receive them when you
expect them.

Because of the type of technique used in nmap you need to wait for the
ICMP messages to get back to you and this is probably what's causing
your scan to take a long time. The problem with UDP port scanning is
that some UDP services require a specific source and destination port;
if the packet it receives doesn't have the correct headers it will
simply discard the packet, and it may also require a specific payload,
so when scanning with for example nmap it may result in you getting an
inaccurate result (and by the way, I'm not bashing on nmap :))

What I would recommend is that you do not scan a wide range of ports
because it will not really scale. UDP port scanning is slow and that's
it; I don't think there is much you can do about the speed factor, but
there are a lot of things you can do regarding the accuracy of the
scan.

What you need to do is to make the service request with either a valid
response or an ICMP error message. The Outpost24 engine recently
updated its core engine where we have solved this problem.

Best regards,
David Jacoby




Attari Attari wrote:
Hi Group:

Is there a way to increase speed of UDP scan?

I've been running a full UDP scan for 3 days on 3 IP
addresses and it is still not complete.

I gave the following command:

nmap -sU -p1-65535 -P0 xxx.yyy.zzz.aaa

One way I can think of is running parallel nmap
scans by dividing ports like:

nmap -sU -p1-30000 -P0 xxx.yyy.zzz.aaa
nmap -sU -p30000-65535 -P0 xxx.yyy.zzz.aaa

Would appreciate some inputs on this.

Regards








-- 

David Jacoby
Vice President Customer Experience
http://www.outpost24.com
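
The port states discussed in the reply above, as an added example that is not part of the original thread: a loopback-only Python demonstration of why silence is ambiguous and why a service-specific payload improves accuracy. The function names, the `HELLO` payload and the test service are constructed for illustration, and the code assumes the OS reports ICMP port unreachable on a connected UDP socket as ECONNREFUSED (as Linux does).

```python
import socket
import threading


def probe_udp(host, port, payload=b"", timeout=1.0):
    """Classify one UDP port from a single probe.

    open          - the service answered the payload
    closed        - ICMP port unreachable came back (raised as ECONNREFUSED)
    open|filtered - silence: lost probe, dropped ICMP error, or a service
                    that discards payloads it does not understand
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket, so ICMP errors reach us
        try:
            s.send(payload)
            s.recv(2048)
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"


def start_picky_service(expected=b"HELLO"):
    """Constructed test service: replies only to `expected`, drops the rest."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))  # kernel picks a free loopback port

    def serve():
        while True:
            data, peer = srv.recvfrom(2048)
            if data == expected:
                srv.sendto(b"OK", peer)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def unused_udp_port():
    """Return a loopback UDP port that was just released (nothing bound)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    port = start_picky_service().getsockname()[1]
    return {
        "empty probe to service": probe_udp("127.0.0.1", port, b"", 0.5),
        "valid probe to service": probe_udp("127.0.0.1", port, b"HELLO", 0.5),
        "probe to unbound port": probe_udp("127.0.0.1", unused_udp_port(), b"", 0.5),
    }
```

The same listening service is reported as `open|filtered` for the empty probe and `open` for the payload it expects, while only the unbound port yields a definite `closed`.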

