Two related stories we’ve been tracking the past few days were the announcement of a new tool that can scan the entire Internet in less than an hour and an update to THE de facto network scanning tool.
First is the release of the new Zmap tool, which is able to scan the entire IPv4 space in 45 minutes. Now don’t expect that type of speed right off the bat, but the average user can get pretty close, compared with a traditional Nmap scan that would take two to three months.
There have been several articles on Zmap since its release but I particularly found this article, written by none other than Sir Tim Berners-Lee, to be one of the best in explaining its secret sauce. Essentially, Zmap is stateless … in that it sends out scan requests and forgets about them. That way it can just focus on sending out new scan requests rather than dealing with the overhead associated with tracking simultaneous queries and responses. How does Zmap track responses then? Well, it encodes identifying information into scan requests so it can properly track responses. Nice trick!
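The stateless trick described above, sketched as an added example (not Zmap's own code): the probe's TCP sequence number and source port are derived from a keyed hash of the addresses, so a reply is checked by recomputing those fields instead of looking them up in a table. The HMAC-SHA256 construction, the port range, the function names and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

PORT_BASE, PORT_SPAN = 32768, 28232  # assumed source-port range (32768-60999)


def probe_fields(key, scanner_ip, target_ip, target_port):
    """Derive the TCP sequence number and source port for one probe.

    Nothing is stored per target: the same inputs always give the same
    fields, so they can be recomputed when a reply arrives.
    """
    msg = (ipaddress.IPv4Address(scanner_ip).packed
           + ipaddress.IPv4Address(target_ip).packed
           + struct.pack("!H", target_port))
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    seq = struct.unpack("!I", tag[:4])[0]
    sport = PORT_BASE + struct.unpack("!H", tag[4:6])[0] % PORT_SPAN
    return seq, sport


def is_our_reply(key, scanner_ip, reply):
    """Check a SYN-ACK against the fields our probe would have carried."""
    seq, sport = probe_fields(key, scanner_ip, reply["src_ip"], reply["src_port"])
    # A genuine SYN-ACK is addressed to our source port and acknowledges seq + 1.
    return reply["dst_port"] == sport and reply["ack"] == (seq + 1) % 2**32


def demo():
    """Validate three constructed replies: genuine, wrong ack, wrong sender."""
    key = b"constructed-demo-key"  # fixed for repeatability; a scan would use a random key
    scanner, target = "192.0.2.10", "198.51.100.7"  # documentation-range addresses
    seq, sport = probe_fields(key, scanner, target, 443)
    genuine = {"src_ip": target, "src_port": 443,
               "dst_port": sport, "ack": (seq + 1) % 2**32}
    wrong_ack = dict(genuine, ack=(seq + 2) % 2**32)
    wrong_sender = dict(genuine, src_ip="198.51.100.8")
    return [is_our_reply(key, scanner, r) for r in (genuine, wrong_ack, wrong_sender)]


if __name__ == "__main__":
    print(demo())
```

Because the check depends on a secret key, a packet that was not triggered by one of the scanner's own probes fails validation, which is also what keeps unsolicited or spoofed traffic out of the results.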
Next up is the update of the de facto scanning tool Nmap to 6.40 with several new scripts and a few speed improvements (a little Zmap envy perhaps 😉 ). According to Fyodor’s post on Nmap Announce, some of the key updates include the following.
- 14 new NSE scripts
- Hundreds of new OS and service detection signatures
- New --lua-exec feature for scripting Ncat
- Initial support for NSE and version scanning through a chain of proxies
- Improved target specification
- Many performance enhancements and bug fixes
Today’s post pic is from Naked Security. See ya!