Follow-up on using unicornscan for a big scan (400,000+ public IPs)
Posted by Tate Hansen Thu, 27 Dec 2007 19:36:00 GMT
I’m happy to report our growing experience using unicornscan for large discovery sweeps is a positive one. Our confidence in using this tool has increased and it is now our preferred weapon of choice for scanning large IP swaths.
To recap: We performed a sweep of 400,000+ public IPs across multiple continents by configuring the scans to do a full TCP port scan of each IP, sustained ~55 Mbits/s using between 3 and 5 systems, and completed it in a matter of days.
This is pretty good considering by sending two SYN probes per port it meant sending ~52.5 billion packets and producing some 3 Terabytes of data.
Nmap is often our preferred tool, and we used it to spot check our results with unicornscan, but from now on it will come down to the details of the gig to make the choice.
Tech note: We avoided problems with table overflows and other like issues by placing the systems directly on the internet and with iptables turned off.
