[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!
- From: Enno Rey <erey@xxxxxxx>
- Date: Wed, 5 Mar 2008 15:00:08 +0100
Hi,
> all due to the unreliable nature of UDP.
>
> But the most important thing is, that if you do it large scale*,
> you have to wait for some sort of reply anyways,
> either TCP SYN|ACK or some application data. This time of "waiting"
> can be used to SYN/request yet another 10,000 hosts.
> Thus, how fast a scanner is does not depend on UDP or TCP,
> it depends on the upper protocols.
it mainly depends on the implementation of the scanner.
We did some large scale internet SNMP scanning some time ago
[see
http://www.ernw.de/content/e7/e181/e671/download690/ERNW_026_SNMP_HitB_Dubai_2007_ger.pdf]
and used our own scanning tool [http://www.ernw.de/download/snmpattack.pl].
Within the different releases of the tool there were _big_ differences as for
the scanning speed.
thanks,
Enno
--
Enno Rey
Check out www.troopers08.org!
ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
PGP FP 055F B3F3 FE9D 71DD C0D5 444E C611 033E 3296 1CC1
Handelsregister Heidelberg: HRB 7135
Geschaeftsfuehrer: Roland Fiege, Enno Rey
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/