Re: Seeking UFFI for sockets on Linux

From: Karl A. Krueger (kkrueger_at_example.edu)
Date: 12/03/03


Date: Wed, 3 Dec 2003 17:08:15 +0000 (UTC)

Luke Gorrie <luke@bluetail.com> wrote:
> Network latency can make you spend a lot of time waiting. The worst
> case is if a firewall is discarding your packets, so that your
> connects will have to time out. Making requests in parallel will
> probably be important.

It's true. I have a couple of approaches in mind for this ...

My eventual goal is not a clone of nmap, but rather a port of an
existing program I have written in Python. This is a multi-threaded
program that doesn't scan 65535 ports on a host; rather, it scans a few
ports on each of many hosts. It then invokes external programs that do
the actual vulnerability testing, and it records its results in a
PostgreSQL database.

This program is kind of tailored to networks that look like my
workplace's: thousands of machines of several different kinds, scattered
sparsely over many subnets. So it spends a lot of effort eliminating
addresses and ports it doesn't need to scan before spawning threads for
those it does -- it doesn't beat on Windows vulnerabilities on Unix
hosts or nonexistent ones. It isn't meant to be good for "bad guys"
scanning other people's networks through firewalls.

What I hope out of porting it to Lisp is really twofold: first, to
learn a lot more Lisp; second, to bring more of the external code inside
and make it faster.

> If the remote end accepts a lot of your connections, this causes a
> lot of work for the kernel. If they didn't want to be scanned, they
> could possibly crash your computer just by acknowledging your
> connection requests and ignoring everything else, forcing your
> kernel to open and hold a lot of sockets. Maybe you'll want to be
> careful to avoid some bad cases.

Sure, if people are running things like LaBrea, a scanner has to eat a
timeout for every port touched. That would suck. :)

-- 
Karl A. Krueger <kkrueger@example.edu>
Woods Hole Oceanographic Institution
Email address is spamtrapped.  s/example/whoi/
"Outlook not so good." -- Magic 8-Ball Software Reviews
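
The trade-off discussed in this message (a dropped packet costs the full timeout, an accepted connection costs a held socket) can be sketched in Python, the language of the program being ported. This is an added example, not part of the original post and not Karl's program; the names `probe`, `survey`, `run_survey` and `SAMPLE_TARGETS`, the timeout and the socket cap are all assumptions.

```python
import asyncio

# Constructed sample inventory (assumption): loopback only, ports picked for illustration.
SAMPLE_TARGETS = [("127.0.0.1", 22), ("127.0.0.1", 5432)]


async def probe(host, port, timeout, limit, opener=asyncio.open_connection):
    """Classify one TCP endpoint of your own inventory: 'open', 'closed' or 'timeout'."""
    async with limit:  # a socket is only created once a slot is free
        try:
            _reader, writer = await asyncio.wait_for(opener(host, port), timeout)
        except asyncio.TimeoutError:
            # Packets silently discarded: the whole timeout was spent waiting.
            return host, port, "timeout"
        except OSError:
            # Refused or unreachable: the network answered quickly.
            return host, port, "closed"
        # Close at once so a peer that accepts and then goes silent
        # cannot make the local kernel hold the socket.
        writer.close()
        try:
            await asyncio.wait_for(writer.wait_closed(), timeout)
        except (asyncio.TimeoutError, OSError):
            pass
        return host, port, "open"


async def survey(targets, timeout=2.0, max_sockets=64, opener=asyncio.open_connection):
    """Probe all targets in parallel with at most max_sockets connections in flight."""
    limit = asyncio.Semaphore(max_sockets)
    jobs = (probe(h, p, timeout, limit, opener) for h, p in targets)
    return await asyncio.gather(*jobs)  # results keep the order of targets


def run_survey(targets, **kwargs):
    """Synchronous wrapper; returns a list of (host, port, state) tuples."""
    return asyncio.run(survey(targets, **kwargs))


if __name__ == "__main__":
    for host, port, state in run_survey(SAMPLE_TARGETS, timeout=1.0):
        print(f"{host}:{port} {state}")
```

With N endpoints that all time out, the wall-clock cost is roughly N / max_sockets timeouts rather than N, while the number of sockets the kernel holds never exceeds the cap.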

