http://blog.clearnetsec.com/articles/2007/12/27/follow-up-on-using-unicornscan-for-a-big-scan-400-000-public-ips en-us 40 <p>I’m happy to report our growing experience using unicornscan for large discovery sweeps is a positive one. Our confidence in using this tool has increased and it is now our preferred weapon of choice for scanning large IP swaths. </p> <p> <b>To recap:</b> We performed a sweep of 400,000+ public IPs across multiple continents by configuring the scans to do a full TCP port scan of each IP, sustained ~55 Mbits/s using between 3 and 5 systems, and completed it in a matter of days. </p> <p> This is pretty good considering by sending two SYN probes per port it meant sending ~52.5 billion packets and producing some 3 Terabytes of data. </p> <p> Nmap is often our preferred tool, and we used it to spot check our results with unicornscan, but from now on it will come down to the details of the gig to make the choice. </p> <p> <i><b>Tech note:</b> We avoided problems with table overflows and other like issues by placing the systems directly on the internet and with iptables turned off.</i> Thu, 27 Dec 2007 12:36:00 -0700 urn:uuid:bb1d8624-361f-4fca-9777-466bfd9d4124 tate@ClearNetSec.com (Tate Hansen) http://blog.clearnetsec.com/articles/2007/12/27/follow-up-on-using-unicornscan-for-a-big-scan-400-000-public-ips nmap scanning security port scanning ClearNet ClearNet Security Tate Hansen unicornscan