We've upgraded some of our servers to 12.04 recently, and i've noticed that when I run nmap from some other server to check open ports on these 12.04 servers it take WAY longer than before. is this a known issue?
Asked
Active
Viewed 222 times
0
-
What is the exact command you are using? Are there any new firewall rules or IDS? – Lucas Kauffman Aug 06 '12 at 08:44
-
Hi, thanks for your reply. You are right, it seems that nmap runs slower when all ports are filtered than when even one port is not filtered. I wonder why is that? – SecondThought Aug 06 '12 at 08:52
-
I'll make it an answer then ;) – Lucas Kauffman Aug 06 '12 at 08:54
-
what's the difference between 1000 filtered ports and 999 filtered ports that makes it so much slower?... – SecondThought Aug 06 '12 at 12:15
-
I haven't got an idea, what port did you leave out? – Lucas Kauffman Aug 06 '12 at 20:14
2 Answers
1
When port filtering is enabled, nmap can run a lot slower than normal.
Lucas Kauffman
- 16,880
- 9
- 58
- 93
1
Nmap can adjust its timing based on round-trip times and expected responses. A port is considered filtered if no response is received within some time period. If Nmap finds a port open early in the scan, it can reduce the timeout for considering a port filtered, speeding up the rest of the scan. This is why a host with 1 open (or 1 closed) and 999 filtered ports can take significantly less time to scan than one with 1000 filtered ports.
bonsaiviking
- 4,420
- 17
- 26