Monday, January 21, 2008


Watched the video recording of Recurity Labs' presentation on PortBunny during the 24th CCC. I've been involved with Nmap for over 2 years and I have to admit that the presentation did push me to the edge of my seat initially. Their points are well constructed and the graphs did show a contrast of things. At the end of the presentation, I realized that they were emphasizing the speed aspect whilst sidestepping the accuracy aspect, which IS A BIG DEAL. Sure, Nmap takes 12 minutes, 18 seconds whilst PortBunny took 15 seconds to scan. That is an average of 4,369 probes per second. Nmap can scan that fast too if you remove congestion control and toss out the idea of accuracy. Though I do agree that Nmap's timing algorithm, which is still based on TCP Reno from the '80s, needs a long-deserved overhaul.

Fyodor's response
PortBunny Project Page

"PortBunny is a Linux-kernel-based port-scanner created by Recurity Labs. Its aim is to provide a reliable and fast TCP-SYN-port-scanner which performs sophisticated timing based on the use of so called "trigger"-packets. The port-scan is performed in 2 steps: First the scanner tries to find packets, to which the target responds ("triggers"). Second, the actual port-scan is performed. During the scan, the triggers, which were found in the first scanning-phase, are used to determine the optimal speed at which the target may be scanned."
