Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SYN Stealth Scan Timing percentage decreasing, time remaining increasing #1772

Open
infosecconsultant opened this issue Oct 3, 2019 · 1 comment

Comments

@infosecconsultant
Copy link

commented Oct 3, 2019

Hi,
I am running the following command from a vanilla kali install against approximately 700 hosts on a 100Mbit synchronous connection:

nmap -sS -sV -O -p 1-65535 -T4 -v3 -iL targets.txt --min-hostgroup 50 --max-hostgroup 100 -Pn --script http-headers,http-robots.txt,http-title -oX abc65535.xml -oN abc65535.txt -oG abc65535.og

The scan has been running for approximately 24 hours now, and currently appears stuck on the 'SYN Stealth Scan Timing'. The time is consistent and reasonable, however, the scanner now appears to be increasing the amount of time required and decreasing the percentage done as shown below:

Completed SYN Stealth Scan against 999.999.999 in 1033.08s (1 host left)
SYN Stealth Scan Timing: About 90.94% done; ETC: 06:31 (0:01:51 remaining)
SYN Stealth Scan Timing: About 90.96% done; ETC: 06:33 (0:02:02 remaining)
SYN Stealth Scan Timing: About 90.99% done; ETC: 06:35 (0:02:14 remaining)
SYN Stealth Scan Timing: About 91.01% done; ETC: 06:38 (0:02:27 remaining)
SYN Stealth Scan Timing: About 91.02% done; ETC: 06:40 (0:02:41 remaining)
SYN Stealth Scan Timing: About 91.04% done; ETC: 06:43 (0:02:57 remaining)
SYN Stealth Scan Timing: About 91.06% done; ETC: 06:47 (0:03:14 remaining)
SYN Stealth Scan Timing: About 91.08% done; ETC: 06:50 (0:03:33 remaining)
SYN Stealth Scan Timing: About 91.11% done; ETC: 06:54 (0:03:53 remaining)
SYN Stealth Scan Timing: About 91.13% done; ETC: 06:58 (0:04:15 remaining)
SYN Stealth Scan Timing: About 91.16% done; ETC: 07:03 (0:04:39 remaining)
SYN Stealth Scan Timing: About 91.20% done; ETC: 07:08 (0:05:05 remaining)
SYN Stealth Scan Timing: About 91.23% done; ETC: 07:14 (0:05:33 remaining)
SYN Stealth Scan Timing: About 91.26% done; ETC: 07:20 (0:06:05 remaining)
SYN Stealth Scan Timing: About 91.30% done; ETC: 07:27 (0:06:38 remaining)
SYN Stealth Scan Timing: About 91.33% done; ETC: 07:34 (0:07:14 remaining)
SYN Stealth Scan Timing: About 91.37% done; ETC: 07:42 (0:07:53 remaining)
SYN Stealth Scan Timing: About 91.41% done; ETC: 07:50 (0:08:35 remaining)
SYN Stealth Scan Timing: About 91.45% done; ETC: 08:00 (0:09:21 remaining)
SYN Stealth Scan Timing: About 91.50% done; ETC: 08:10 (0:10:09 remaining)
SYN Stealth Scan Timing: About 91.55% done; ETC: 08:21 (0:11:02 remaining)
SYN Stealth Scan Timing: About 91.60% done; ETC: 08:33 (0:11:59 remaining)
SYN Stealth Scan Timing: About 91.65% done; ETC: 08:46 (0:13:00 remaining)
SYN Stealth Scan Timing: About 91.71% done; ETC: 09:00 (0:14:04 remaining)
SYN Stealth Scan Timing: About 91.77% done; ETC: 09:15 (0:15:13 remaining)
SYN Stealth Scan Timing: About 91.84% done; ETC: 09:32 (0:16:26 remaining)
SYN Stealth Scan Timing: About 91.91% done; ETC: 09:50 (0:17:43 remaining)
SYN Stealth Scan Timing: About 92.00% done; ETC: 10:09 (0:19:04 remaining)
SYN Stealth Scan Timing: About 92.08% done; ETC: 10:29 (0:20:30 remaining)
SYN Stealth Scan Timing: About 92.17% done; ETC: 10:51 (0:21:59 remaining)
SYN Stealth Scan Timing: About 92.26% done; ETC: 11:15 (0:23:32 remaining)
SYN Stealth Scan Timing: About 92.37% done; ETC: 11:40 (0:25:09 remaining)
SYN Stealth Scan Timing: About 92.48% done; ETC: 12:07 (0:26:46 remaining)
SYN Stealth Scan Timing: About 92.60% done; ETC: 12:35 (0:28:28 remaining)
SYN Stealth Scan Timing: About 92.74% done; ETC: 13:05 (0:30:06 remaining)
SYN Stealth Scan Timing: About 92.92% done; ETC: 13:37 (0:31:37 remaining)
SYN Stealth Scan Timing: About 93.09% done; ETC: 14:10 (0:33:09 remaining)
SYN Stealth Scan Timing: About 93.30% done; ETC: 14:45 (0:34:28 remaining)
SYN Stealth Scan Timing: About 93.53% done; ETC: 15:20 (0:35:34 remaining)
SYN Stealth Scan Timing: About 93.76% done; ETC: 15:57 (0:36:34 remaining)
SYN Stealth Scan Timing: About 93.97% done; ETC: 16:34 (0:37:38 remaining)
SYN Stealth Scan Timing: About 94.20% done; ETC: 17:13 (0:38:26 remaining)
SYN Stealth Scan Timing: About 94.32% done; ETC: 17:53 (0:39:55 remaining)
SYN Stealth Scan Timing: About 94.43% done; ETC: 18:34 (0:41:28 remaining)
Warning: 000.000.000.000 giving up on port because retransmission cap hit (6).
SYN Stealth Scan Timing: About 90.85% done; ETC: 19:50 (1:14:58 remaining)
SYN Stealth Scan Timing: About 90.94% done; ETC: 21:11 (1:21:38 remaining)
SYN Stealth Scan Timing: About 91.04% done; ETC: 22:40 (1:28:40 remaining)
Stats: 21:42:07 elapsed; 354 hosts completed (362 up), 8 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 91.11% done; ETC: 23:34 (1:32:48 remaining)
SYN Stealth Scan Timing: About 91.27% done; ETC: 01:14 (1:39:54 remaining)
Stats: 24:12:02 elapsed; 354 hosts completed (362 up), 8 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 91.37% done; ETC: 02:15 (1:43:59 remaining)

I find this behaviour to happen not infrequently when doing large port scans but I'm still unsure as to what causes this behaviour and what I can do to prevent it from occuring.

If it makes any difference, some of the targets are behind a CDN that's likely blocked us from some of the hosts.

Any suggetions greatly appreciated.
Thanks

@infosecconsultant

This comment has been minimized.

Copy link
Author

commented Oct 6, 2019

Same scan run, but this time, the command

nmap -sS -sV -O -p 1-65535 -T4 -v3 -iL targets.txt --min-hostgroup 50 --max-hostgroup 100 -Pn --script http-headers,http-robots.txt,http-title -resume abc65535.xml

is used

This time, after several hours, the process hangs at 'Initiating NSE' and does not provide output for several hours. After this, 'enter' is pressed on session and a seg-fault is triggered.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.