[funsec] so, is I[dp]S a STUPID technology?

Kyle Quest Kyle.Quest at networkengines.com
Thu Oct 13 12:22:41 CDT 2005


> As far as scanning them goes, http://infosec.yorku.ca/tools/ has a
> scanner that did 4 class B's in under 15 min, (ask J. Glass:) it doesnt
> check for everything, but you might get it to at least scan for the SANS
> top 20 in that time with some trial and error.
>

Just a quick comment... There's a reason that "scanner" is so fast.
Unfortunately it's not some new ground breaking scanning technique
(it uses multiple process with non-blocking socket operations).
It's because it checks for 3 simple things (looking at tcp ports 139/445),
which is probably about % 0.001 of things that an VA scanner would
be doing. Scanning for SANS top 20 will require writing a completely
new tool. And if you want to cover the top 20 completely, your tool
will need to be able to login to different services as well. By the time
you are done writing this comprehensive SANS top 20 scanner, it won't
be able to do a class B net in 10 minutes (and especially 4 class B nets
under 15 minutes). It'll take much longer. If you'll try to add
an open port scanner (even using the fastest algorithm available),
it'll add much more time (130k of ports for each machine * 10000 machines).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://linuxbox.org/pipermail/funsec/attachments/20051013/c1870132/attachment.html


More information about the funsec mailing list