On Mon, Oct 14, 2002 at 12:14:32PM -0400, [EMAIL PROTECTED] wrote: > > I know this isn't really a Nessus issue, but it certainly affects Nessus. > Over the last 6 months or so, I have seen NMAP performance tank heavily on > a number of Linux systems I administer. It is a particular problem with > full NMAP scans such as 'nmap -sT -p 1-65535 target.txt'.
What version of Nmap are you using? I don't think any changes to Nmap in the last 6 months would have made it slower, but you can always try an earlier version from http://download.insecure.org/nmap/dist/?M=D . If an earlier version actually is faster, I'd be interested in hearing about that. One likely culprit is that firewalls on your destination host have changed. Filters which drop packets on the floor without an ICMP unreachable are increasingly common, and '-p 1-65535' will take some time against those hosts. When Nmap returns from a "slow" scan, does it say something like 'The 65530 ports scanned but not shown below are in state: filterd'? If so, I am working on speeding up that case. With Nmap 3.10ALPHA3, you can try the new "--min_parallelism 30" option, which may help dramatically. Let me know what happens. Cheers, Fyodor http://www.insecure.org - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
