Thursday, January 31, 2008

Port Scanner Challenge Revisited: Nmap, Unicornscan, PortBunny

Round 3 of tests:


Round 3 Winner:
This is the first test that represents what a security tester is likely to see in the field: multiple targets all sharing a common network gateway device.

Unicornscan finished its tests in an average of 5.5 minutes, or roughly 5 times faster than portbunny or nmap. Unicornscan missed 0 open ports. Unicornscan was the clear winner of Round 3.

Nmap places higher in the ranking than portbunny because of the -PN option, which skips host discovery and scans every address. Nmap actually scanned all ports for the entire /25 range requested and averaged about 29 minutes per test cycle. It did, however, miss a total of 4 open ports across two different test cycles.

Portbunny only scanned all ports for IPs that responded during its discovery phase. This is not valid for thorough testing of remote networks. Even with the greatly reduced workload, portbunny averaged about 28 minutes per test cycle. To its credit, portbunny missed 0 open ports.


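To make the "missed open ports" tally above reproducible, here is an added example (my script, not the author's) that parses nmap grepable (-oG) output into host-to-port sets and scores one or more test cycles against a known baseline of open ports. The baseline, the -oG lines, the elapsed-time footer and the second cycle's results are constructed sample data, not the captures from this post; only the -oG line layout is nmap's real format. A host the tool never reported on (as happens when a discovery phase skips it) has all of its baseline ports counted as missed, which is the caveat raised for portbunny above.

```python
"""Score port-scanner cycles against a known baseline of open TCP ports.

Added example for this post, not one of the author's scripts. All data
below is constructed: the baseline, the nmap -oG text and the parsed
second-cycle result. Only the nmap -oG line layout itself is real.
"""
import re

# Constructed ground truth: host -> set of TCP ports known to be open.
BASELINE = {
    "192.168.103.1": {22, 80, 443},
    "192.168.103.3": {23, 80},
    "192.168.103.8": {22, 111},
    "192.168.103.11": {135, 139, 445, 3389},
}

# Constructed nmap -oG output for one test cycle (tab-separated fields).
# Host 192.168.103.8 is reported without port 111, i.e. one missed port.
NMAP_OG_CYCLE1 = (
    "# Nmap scan initiated (constructed header) as: nmap -PN -p- -oG - 192.168.103.0/25\n"
    "Host: 192.168.103.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///\tIgnored State: closed (65532)\n"
    "Host: 192.168.103.3 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///"
    "\tIgnored State: closed (65533)\n"
    "Host: 192.168.103.8 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (65534)\n"
    "Host: 192.168.103.11 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-term-serv///"
    "\tIgnored State: closed (65531)\n"
    "# Nmap done at (constructed) -- 128 IP addresses (128 hosts up) "
    "scanned in 1740.12 seconds\n"
)

# Constructed, already-parsed result of a second cycle from a tool whose
# discovery phase skipped 192.168.103.3 and which reported an extra port.
CYCLE2_FOUND = {
    "192.168.103.1": {22, 80, 443, 8080},
    "192.168.103.8": {22, 111},
    "192.168.103.11": {135, 139, 445, 3389},
}

PORT_RE = re.compile(r"(\d+)/open/tcp")
ELAPSED_RE = re.compile(r"scanned in ([\d.]+) seconds")


def parse_nmap_grepable(text):
    """Return {host: set(open TCP ports)} from nmap -oG output."""
    found = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        # Only look inside the Ports: field so the Ignored State text
        # (or a hostname) can never be mistaken for a port entry.
        ports_field = next(
            (f for f in line.split("\t") if f.startswith("Ports:")), "")
        found[host] = {int(p) for p in PORT_RE.findall(ports_field)}
    return found


def elapsed_seconds(text):
    """Scan duration from the -oG footer, or None if the footer is absent."""
    m = ELAPSED_RE.search(text)
    return float(m.group(1)) if m else None


def score_cycle(baseline, found):
    """Return (missed, extra): baseline ports not reported, and reported
    ports not in the baseline. A host absent from `found` has every
    baseline port counted as missed; an unscanned host is a miss."""
    missed, extra = {}, {}
    for host, truth in baseline.items():
        seen = found.get(host, set())
        if truth - seen:
            missed[host] = truth - seen
        if seen - truth:
            extra[host] = seen - truth
    for host, seen in found.items():
        if host not in baseline and seen:
            extra[host] = set(seen)
    return missed, extra


def total_missed(baseline, cycles):
    """Sum of missed ports over repeated cycles, as the post tallies them."""
    return sum(len(ports)
               for found in cycles
               for ports in score_cycle(baseline, found)[0].values())


if __name__ == "__main__":
    cycle1 = parse_nmap_grepable(NMAP_OG_CYCLE1)
    for i, found in enumerate([cycle1, CYCLE2_FOUND], start=1):
        missed, extra = score_cycle(BASELINE, found)
        print(f"cycle {i}: missed={missed} extra={extra}")
    print("total missed:", total_missed(BASELINE, [cycle1, CYCLE2_FOUND]))
    print("cycle 1 minutes:", round(elapsed_seconds(NMAP_OG_CYCLE1) / 60, 1))
```

Feeding each tool's per-cycle output through `score_cycle` gives the missed-port count per cycle directly, and the elapsed time from the footer gives the per-cycle minutes the post averages; for tools without an -oG style output, build the host-to-ports dict from their own logs and pass it in as the second cycle does.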
Target hosts are all unfiltered with various services each:
192.168.103.1 - Linux
192.168.103.3 - 3com appliance
192.168.103.4 - BSD
192.168.103.5 - Linux
192.168.103.6 - Linux
192.168.103.7 - Linux
192.168.103.8 - Solaris
192.168.103.9 - Linux
192.168.103.10 - Linux
192.168.103.11 - Windows
192.168.103.12 - Windows
192.168.103.13 - Windows
192.168.103.14 - Windows
192.168.103.20 - Linux

Scanning Steps:
1. Send from an IP address that is not in use for any other traffic.
1a. Where possible, use fantaip to cycle through previously unused IPs.
2. Send at the default rates (no tuning).
3. Capture all tcp, udp, or icmp packets outgoing from src IP to dst IP
4. Capture all screen output. (screen -L)
5. Repeat 3 times
6. Cap tests to 20 minutes per IP.

Special Settings:
nmap: -PN --min-hostgroup 32 --max-hostgroup 128 --max-rtt-timeout 50 --max-retries 0 -T5
unicornscan: -r30000 -L30
portbunny: none -- there is no option to test all IPs while ignoring/skipping the discovery phase.
*** Note: Did not have time to run tools with "default" settings. Nmap was taking multiple hours for each test cycle.
