Use gentler nmap timing #1521
Open
duncangreene wants to merge 1 commit into
To address #1290 and #885. As demonstrated in both issues, Testrun has been shown to routinely exhibit false negatives for devices by scanning too aggressively. The timing modifications in the attached were tuned against a constrained device that was routinely being flagged with false negatives.
Using the attached on my various Testrun machines increases TCP scan time from ~30 seconds (with false positives) to ~3 minutes (with no false positives) in isolation, and UDP scan time remains unchanged in isolation because of the small number of UDP ports being scanned (the bulk of the time is spent carrying out the version detection step, as opposed to the port range scan itself).
False negatives can still occur if this PR is not combined with #1520, which forces the TCP and UDP scans to happen consecutively (minimal risk of false negatives), instead of concurrently (increased risk of false negatives).