Open-AudIT

All times are UTC + 10 hours
 Post subject: slow scanning OA 1.12.8
Posted: Fri Sep 02, 2016 7:21 am
Newbie

Hi,

I'm currently running a scan on a /17 subnet. On average, this takes 93 seconds per IP address, which roughly translates to 35 days.
Is this normal, or am I missing some settings to tweak?

Running version 1.12.8.1 on a Debian 8 VM with 4 CPUs and 1GB RAM. It's a clean install, not an upgrade.

thanks :)

Posted: Mon Sep 05, 2016 10:17 am
Site Admin

Will need more information.
A /17 is a LOT of IP addresses (> 32,000 IP addresses).
I'd suggest breaking it down into more manageable chunks.

Do you have credentials for the devices? An SNMP scan will take a while to attempt to connect to the device and have to time out for each SNMP version (1,2c,3) with each credential set. Once you have the correct credentials associated with a device, these are attempted first, so next time around scanning should be much quicker. Same with other methods (WMI / SSH).

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.

Posted: Mon Sep 05, 2016 6:42 pm
Newbie

A /17 was the easiest way to scan, since I wasn't really looking forward to starting 128 /24 scans. Though if that's what's needed to get a shorter scan time...

There are multiple types of devices in each /24 subnet, so I have matching credential sets for each one.
Is there a way to decide which set gets tested first? For example, as most of the devices are Windows devices (some with SNMP enabled), it would make more sense to test the Windows credentials before SNMP.

I currently have 3 sets of Windows credentials and 1 SNMP community.

I've also noticed the timeout on a dead IP takes a long time. Can I change this to be shorter? There are a few /24s in there that are not in use (closed stores), so that's a lot of time lost.

thanks :)

Posted: Wed Sep 07, 2016 9:09 am
Site Admin

Quote:
Is there a way to decide which set gets tested first?

Not at present, no. We could possibly do something here depending on the Nmap reported open ports.
Quote:
I've also noticed the timeout on a dead IP takes a long time.

This is Nmap I assume. The initial scan is of the entire submitted range like below:
Code:
nmap -n -sL ip_range

For each device that responds, it's scanned using the below options.
Code:
nmap -vv -n -Pn --host-timeout 90 -T4 your_ip_address

You might see if there are any other Nmap options that might be of use to you.

I think the single biggest issue is scanning a /17.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.
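
An added example, not from the thread or from Open-AudIT: one way to act on the "manageable chunks" advice is to split the /17 into /24s and keep only those where a prior discovery sweep found live hosts, so unused ranges are never submitted. It assumes the sweep was run separately with `nmap -sn -n -oG -`; the 10.20.0.0/17 range, the sample output and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample of `nmap -sn -n -oG -` grepable output; not real scan data.
SAMPLE_GREPABLE = (
    "# Nmap scan initiated as: nmap -sn -n -oG - 10.20.0.0/17\n"
    "Host: 10.20.0.1 ()\tStatus: Up\n"
    "Host: 10.20.0.57 ()\tStatus: Up\n"
    "Host: 10.20.3.10 ()\tStatus: Up\n"
    "Host: 10.20.127.254 ()\tStatus: Up\n"
    "# Nmap done: 32768 IP addresses (4 hosts up) scanned\n"
)

def live_hosts(grepable):
    """Return the addresses reported as 'Status: Up' in grepable Nmap output."""
    hosts = []
    for line in grepable.splitlines():
        if line.startswith("Host:") and "Status: Up" in line:
            hosts.append(ipaddress.ip_address(line.split()[1]))
    return hosts

def plan_chunks(cidr, hosts, new_prefix=24):
    """Split cidr into /new_prefix chunks and keep those containing live hosts.

    Returns a list of (network, live_host_count) in address order.
    """
    parent = ipaddress.ip_network(cidr)
    counts = Counter()
    for host in hosts:
        if host in parent:  # ignore sweep results outside the audited range
            chunk = ipaddress.ip_network(f"{host}/{new_prefix}", strict=False)
            counts[chunk] += 1
    return [(net, counts[net])
            for net in parent.subnets(new_prefix=new_prefix) if counts[net]]

def estimate_days(address_count, seconds_per_address=93):
    """Serial scan time in days at the per-address average reported in the thread."""
    return address_count * seconds_per_address / 86400

if __name__ == "__main__":
    chunks = plan_chunks("10.20.0.0/17", live_hosts(SAMPLE_GREPABLE))
    for net, up in chunks:
        print(f"{net}\t{up} host(s) up")
    print(f"whole /17: {estimate_days(2 ** 15):.1f} days")
    print(f"live /24s only: {estimate_days(len(chunks) * 256):.2f} days")
```

Devices that do not answer discovery probes will not appear in the sweep, so a chunk with zero responders is a candidate to skip, not proof that it is empty.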