http://blog.clearnetsec.com/articles/2007/10/14/trying-out-unicornscan en-us 40 <p>We’ve hit a new high. We’ve soaked ourselves in a bandwidth bath on behalf of a client whom would like us to discover active services across a range of six public /16 blocks plus some scattered /17s, /24s, etc. The range is close to a total of 400,000 IPs. </p> <p> We started out with five dual Xeon systems running 20 to 40 instances of nmap, each tuned, and each instance targeting 64 IPs. This client wants the job completed in weeks, so we decided it was a good time to get more experience with unicornscan. </p> <p> By luck, we tapped into a Danish provider that is allowing us to push 55Mbits/s. I have no idea how much that amount of bandwidth would normally cost, especially if sustaining it 24x7 for a few weeks, but I’m guessing it is way over $10,000. Our client would allow us to go up to 100Mbits/s, alas, our luck doesn’t go that far. </p> <p> Anyway, we now have faster dual-core systems each pushing ~25 Mbits/s via <a href="http://www.unicornscan.org/">unicornscan</a> like so: </p> <p> <blockquote> sudo nohup /usr/local/bin/unicornscan -mT -p –r25000 -vv xxx.zz.0.0/16:a -w unicorn.output.for.xxx.zz..0.0.fullTCP > unicorn.output.fullTCP & </blockquote> </p> <p> We have lots of results from nmap; so far unicornscan is matching the nmap results. Having the ability to specify packets per second with unicornscan is super nice. </p> <p> We’ll create a follow up post on how all our scanning worked out on this gig when we’re finished (sometime in late November). Sun, 14 Oct 2007 22:10:00 -0600 urn:uuid:41de7625-dc6f-4304-bd0f-07fd9f49eca1 tate@ClearNetSec.com (Tate Hansen) http://blog.clearnetsec.com/articles/2007/10/14/trying-out-unicornscan nmap port scanning ClearNet ClearNet Security Tate Hansen unicornscan