fast scan

George Mpouras
      08-03-2013
# scan a network in 2 seconds using fork. Very simplistic but with potential !

#!/usr/bin/perl
use strict;
use warnings;
use feature qw/say/;
use Net::Ping;
use Net::IP;

my $threads  = 255;   # hosts probed in parallel per batch (one child each)
my $duration = 2;     # per-host ping timeout in seconds
my @ip_team  = ();
$| = 1;

my $ip = Net::IP->new('192.168.0.1 - 192.168.0.254')
    or die "Could not initiate object because " . Net::IP::Error() . "\n";

# Walk the range (Net::IP overloads ++), scanning a batch as soon as it is full
while ($ip) {
    push @ip_team, $ip->ip();
    ++$ip;
    if ( $threads == @ip_team ) { Scan(@ip_team); @ip_team = () }
}

Scan(@ip_team);    # hosts left over in the last, partial batch

sub Scan
{
    my @Pids;

    foreach my $ip (@_)
    {
        my $pid = fork();
        die "Could not fork because $!\n" unless defined $pid;

        if (0 == $pid)
        {
            # child: one blocking ICMP ping ('icmp' needs a raw socket, i.e. root)
            my $ping = Net::Ping->new('icmp');
            say "host $ip is up" if $ping->ping($ip, $duration);
            $ping->close();
            exit
        }
        else
        {
            push @Pids, $pid
        }
    }

    # parent: wait for the whole batch before the next one is started
    foreach my $pid (@Pids) { waitpid($pid, 0) }
}
Rainer Weikusat
      08-03-2013
George Mpouras <(E-Mail Removed)> writes:
> # scan a network in 2 seconds using fork. Very simplistic but with
> potential !


[...]

> sub Scan
> {
> my @Pids;
>
> foreach my $ip (@_)
> {
> my $pid = fork();
> die "Could not fork because $!\n" unless defined $pid;
>
> if (0 == $pid)
> {
> my $ping = Net::Ping->new('icmp');
> say "host $ip is up" if $ping->ping($ip, $duration);
> $ping->close();
> exit
> }
> else
> {
> push @Pids, $pid
> }
> }
>
> foreach my $pid (@Pids) { waitpid($pid, 0) }
> }


If you run code like this on somebody else's network (or network and
computer), you will potentially learn more details about lart than you
ever wanted to. In order to achieve maximum disaster, run it on a
gateway for a busy network which suffers from 'traditional' BSD
network buffer management, preferably in a loop. If you manage to
reach mbuf exhaustion, you've produced a stable 'congestion collapse'
(slight misuse of the term) situation: The gateway will drop incoming
ethernet frames until it got rid of enough pings to reconsider this
decision. At this point, a reply tsunami will hit it (ping replies,
TCP retransmissions, ARP replies and ARP queries) and it will
immediately run out of mbufs again. Repeat until heat death of the
universe ...

NB: This is not a story I just invented or some kind of theoretical
conjecture. I've had the mispleasure to encounter this exact problem
on such a gateway some years ago.

Rainer Weikusat
      08-03-2013
Rainer Weikusat <(E-Mail Removed)> writes:
> George Mpouras <(E-Mail Removed)> writes:
>> # scan a network in 2 seconds using fork. Very simplistic but with
>> potential !

>
> [...]
>
>> sub Scan
>> {
>> my @Pids;
>>
>> foreach my $ip (@_)
>> {
>> my $pid = fork();
>> die "Could not fork because $!\n" unless defined $pid;
>>
>> if (0 == $pid)
>> {
>> my $ping = Net::Ping->new('icmp');
>> say "host $ip is up" if $ping->ping($ip, $duration);
>> $ping->close();
>> exit
>> }
>> else
>> {
>> push @Pids, $pid
>> }
>> }
>>
>> foreach my $pid (@Pids) { waitpid($pid, 0) }
>> }

>
> If you run code like this on somebody else's network (or network and
> computer), you will potentially learn more details about lart than you
> ever wanted to.


For completeness: It is not entirely inconceivable that the fork bomb
manages to slow transmissions down so much that the 'DDoS suicide'
doesn't happen.
Charles DeRykus
      08-04-2013
On 8/2/2013 5:39 PM, George Mpouras wrote:
> # scan a network in 2 seconds using fork. Very simplistic but with
> potential !
>
>
>
>
> #!/usr/bin/perl
> use strict;
> use warnings;
> use feature qw/say/;
> use Net::Ping;
> use Net::IP;
>
> my $threads = 255;
> my $duration = 2;
> my @ip_team = ();
> $|= 1;
>
>
> my $ip = new Net::IP ('192.168.0.1 - 192.168.0.254') or die "Could not
> initiate object because ". Net::IP::Error() ."\n";
>
>
> while ($ip) {
> push @ip_team, $ip++ ->ip();
> if ( $threads == @ip_team ) { Scan(@ip_team); @ip_team = () }
> }
>
> Scan(@ip_team);
>
>
>
> sub Scan
> {
> my @Pids;
>
> foreach my $ip (@_)
> {
> my $pid = fork();
> die "Could not fork because $!\n" unless defined $pid;
>
> if (0 == $pid)
> {
> my $ping = Net::Ping->new('icmp');
> say "host $ip is up" if $ping->ping($ip, $duration);
> $ping->close();
> exit
> }
> else
> {
> push @Pids, $pid
> }
> }
>
> foreach my $pid (@Pids) { waitpid($pid, 0) }
> }



A less resource intensive alternative with POE:

http://poe.perl.org/?POE_Cookbook/Pi...Multiple_Hosts

--
Charles DeRykus
George Mpouras
      08-04-2013
>
>
> A less resource intensive alternative with POE:
>
> http://poe.perl.org/?POE_Cookbook/Pi...Multiple_Hosts
>


I really do not know if it is really less resource intensive, and I am
not interested in finding out, but with the simple code you can always
have as many $threads as you want.

What I was thinking is why I really need super bloated frameworks like
POE or similar if I can do the same much more simply using only basic
functions.
Rainer Weikusat
      08-04-2013
George Mpouras <(E-Mail Removed)> writes:
>> A less resource intensive alternative with POE:
>>
>> http://poe.perl.org/?POE_Cookbook/Pi...Multiple_Hosts
>>

>
> I really do not know if it is really less resource intensive, and I am
> not interested in finding out, but with the simple code you can always
> have as many $threads as you want.


Except that this is total nonsense here because all these different
processes end up stuffing IP datagrams into the TX queue for the same
network device which then sends them one after another. This means
you're basically just adding a lot of overhead because the scheduler
needs to deal with all the processes and other parts of the kernel
have to serialize them forcibly. Also, sending out ICMP echo requests
as fast as the kernel can manage to deal with the processes to
hundreds or thousands of hosts is really bad: That will end up as
hundreds or thousands of hosts hammering your single computer with
replies as fast as they can (if you ask 10,000 people to throw tennis
balls to you at the same time, you'll end up being stoned to death by
tennis balls).

> What I was thinking is why I really need super bloated frameworks like
> POE or similar if I can do the same much more simply using only basic
> functions.


A relatively simple way to do this would be to use two processes: One
which sends pings (rate-limited(!)) and another which blocks in recv
on a raw socket in order to process the replies. A single process
utilizing select and non-blocking sends and receive would be a
somewhat better choice.
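As an added example (not code from the thread or from any of its authors), here is the single-process design described above: probes are paced by a send rate, a select loop drains replies without blocking per host, and unanswered probes expire on a timeout. It assumes stand-in targets, UDP echo responders forked on 127.0.0.1 and constructed for the demo, in place of ICMP echo, which needs a raw socket and root; the pacing, select and timeout logic is the same for either transport.

```perl
# Added example: paced sends + select-driven receive in ONE process.
# Stand-in transport: UDP echo responders on 127.0.0.1 (constructed here)
# instead of ICMP echo, so it runs unprivileged and offline.
use strict;
use warnings;
use feature 'say';
use IO::Socket::INET;
use IO::Select;
use Socket qw(pack_sockaddr_in inet_aton);
use Time::HiRes qw(time sleep);
my @targets = map { "127.0.0.1:$_" } 40001 .. 40006;  # constructed targets
my $rate    = 50;    # probes per second: the "rate-limited(!)" sender
my $timeout = 1.0;   # seconds before an unanswered probe is marked down
# Only the first three targets get a responder, so the rest time out.
my @kids;
for my $t (@targets[0 .. 2]) {
    my $pid = fork(); die "fork: $!" unless defined $pid;
    if ($pid == 0) {
        my $s = IO::Socket::INET->new(LocalAddr => $t, Proto => 'udp') or exit 1;
        while ($s->recv(my $buf, 64)) { $s->send($buf) }   # echo to last sender
        exit 0;
    }
    push @kids, $pid;
}
sleep 0.2;   # give the responders time to bind
my $sock = IO::Socket::INET->new(Proto => 'udp', Blocking => 0) or die "socket: $!";
my $sel  = IO::Select->new($sock);
my (%pending, %state, $id);   # probe id => [target, sent_at]; target => up/down
my @queue     = @targets;
my $next_send = time;
while (@queue || %pending) {
    if (@queue && time >= $next_send) {        # paced, non-blocking send
        my $t = shift @queue; my ($host, $port) = split /:/, $t;
        $sock->send(pack('N', ++$id), 0, pack_sockaddr_in($port, inet_aton($host)));
        $pending{$id} = [$t, time];
        $next_send += 1 / $rate;
    }
    for my $fh ($sel->can_read(0.01)) {        # drain whatever replied
        next unless defined $fh->recv(my $buf, 64);
        my $p = delete $pending{ unpack('N', $buf) } or next;   # unknown id: ignore
        $state{ $p->[0] } = 'up';
    }
    for my $k (keys %pending) {                # expire silent probes
        next if time - $pending{$k}[1] < $timeout;
        $state{ delete($pending{$k})->[0] } = 'down';
    }
}
say "$_ is $state{$_}" for @targets;
kill 'TERM', @kids; waitpid($_, 0) for @kids;
```

The number of hosts in flight is bounded by `$rate * $timeout`, not by how many processes the kernel will let you fork, which is what keeps the reply volume predictable.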
Rainer Weikusat
      08-04-2013
Charles DeRykus <(E-Mail Removed)> writes:
> On 8/2/2013 5:39 PM, George Mpouras wrote:


[insane networking code]

> A less resource intensive alternative with POE:
>
> http://poe.perl.org/?POE_Cookbook/Pi...Multiple_Hosts


As far as I can tell, that suffers from the same "Hit me as fast as
you can, bazillions, 'cos really tired of his life!"
problem. Something equivalent can probably be implemented without POE
by writing (at worst) a little more text (my gut feeling says 'less',
actually).
Charles DeRykus
      08-04-2013
On 8/4/2013 3:42 AM, George Mpouras wrote:
>>
>>
>> A less resource intensive alternative with POE:
>>
>> http://poe.perl.org/?POE_Cookbook/Pi...Multiple_Hosts
>>

>
> I really do not know if it is really less resource intensive, and I am
> not interested in finding out, but with the simple code you can always
> have as many $threads as you want.
>
> What I was thinking is why I really need super bloated frameworks like
> POE or similar if I can do the same much more simply using only basic
> functions.


I have to admit I hadn't dabbled with POE before. However, I quickly
installed two POE modules and had the above program running immediately.
So, even with a sub-idiot's grasp of POE's internals, you can leverage a
far more scalable, less resource-hogging code resource that can be
adapted to many different contexts.

It's true your simple fork example with no data sharing really doesn't
require POE or even threads. But later you may want something more
complicated which does. And there are many robust POE programs that you
can build upon without the riskiness and complexity of a fork (or an
even trickier thread) model. And, later, in another multi-tasking
scenario, what if you needed to fire off lots of MySQL queries, then
gather, analyze, maybe collate/reformat output. A viral fork model might
crash, not to mention seriously annoying other users... or re-kindle
thoughts about chucking it all for some simple goat herding in the Alps.

--
Charles DeRykus
George Mpouras
      08-05-2013



# dizzyingly fast with port scanner, cpu is almost 0%
# this is forking the forks !

#!/usr/bin/perl
use strict;
use warnings;
use feature qw/say/;
use Net::Ping;

my $threads  = 80;    # hosts probed in parallel per batch
my $duration = 1;     # ICMP timeout in seconds
my @ip_team  = ();
my $db_dir   = Unique_node_name('/tmp/.fastscan');   # scratch tree: a directory per live host and open port

mkdir $db_dir or die "Could not create directory \"$db_dir\" because \"$^E\"\n" unless -d $db_dir;
$| = 1;

my @ports = (21, 22, 80, 135, 443);
my ($o1a,$o1b, $o2a,$o2b, $o3a,$o3b, $o4a,$o4b) = Check_and_define_octet( '192.168.0.[1-254]' );

foreach my $o1 ($o1a .. $o1b) {
foreach my $o2 ($o2a .. $o2b) {
foreach my $o3 ($o3a .. $o3b) {
foreach my $o4 ($o4a .. $o4b) {

    push @ip_team, "$o1.$o2.$o3.$o4";

    if ( $threads == @ip_team ) { Scan(@ip_team); @ip_team = () }

}}}}

Scan(@ip_team);
system("/bin/rm -rf $db_dir");

sub Scan
{
    my @Pids;

    foreach my $ip (@_)
    {
        my $pid = fork(); die "Could not fork because $!\n" unless defined $pid;

        if (0 == $pid)
        {
            # child: ICMP probe first; only hosts that answer get the TCP checks
            my $ping = Net::Ping->new('icmp');
            $ping->service_check(0);

            if ( $ping->ping($ip, $duration) )
            {
                mkdir "$db_dir/$ip";
                my @SubPids;

                foreach my $port (@ports)
                {
                    my $pid = fork(); die "Could not fork because $!\n" unless defined $pid;

                    if (0 == $pid)
                    {
                        # grandchild: TCP connect to one port, an open port is recorded as a directory
                        my $subping = Net::Ping->new('tcp', 2);
                        $subping->service_check(0);
                        $subping->port_number($port);
                        mkdir "$db_dir/$ip/$port" if $subping->ping($ip);
                        $subping->close;
                        exit 0
                    }
                    else
                    {
                        push @SubPids, $pid
                    }
                }

                foreach my $pid (@SubPids) { waitpid($pid, 0) }
                say "$ip is up";
                chdir "$db_dir/$ip";
                foreach ( glob '*' ) { say "\t port $_ is open" }
            }

            $ping->close();
            exit 0
        }
        else
        {
            push @Pids, $pid
        }
    }

    foreach my $pid (@Pids) { waitpid($pid, 0) }
}

# Returns the given path if nothing exists there, else the first free "$dir/$i.$file"
sub Unique_node_name
{
    my ($dir,$file) = $_[0] =~ /^(.*?)([^\/]*)$/;
    if ( $dir =~ /^\s*$/ ) { $dir = '.' } else { $dir =~ s/\/*$// }
    $file = 'node' if $file =~ /^\s*$/;
    return "$dir/$file" if ! -e "$dir/$file";
    my $i = 1; while ( -e "$dir/$i.$file" ) { $i++ }
    "$dir/$i.$file"
}

# Accepts a host definition like 192.168.[0-3].[1-254]
# and returns for every octet its first and stop number
# For example for the [10-12].1.86.[1-100]
# it will return
# 10,12, 1,1, 86,86, 1,100
#
sub Check_and_define_octet
{
    my @O;
    ( my $hosts = $_[0] ) =~ s/\s+//g;
    ( $O[0]->[0], $O[1]->[0], $O[2]->[0], $O[3]->[0] ) = $hosts =~ /^([^.]+)\.([^.]+)\.([^.]+)\.([^.]+)$/
        or die "The host definition argument is not like 192.168.[0-3].[1-254]\n";
    my $i = 0;
    foreach my $start (1,0,0,1)    # first and last octet must be at least 1
    {
        if ( $O[$i]->[0] =~ /^\d+$/ )
        {
            @{$O[$i]}[0,1] = (( $O[$i]->[0] >= $start ) && ( $O[$i]->[0] < 255 ))
                ? @{$O[$i]}[0,0]
                : die "Octet \"$O[$i]->[0]\" should be an integer from $start to 254\n"
        }
        elsif ( $O[$i]->[0] =~ /\[(\d+)-(\d+)\]/ )
        {
            $O[$i]->[0] = (( $1 >= $start ) && ( $1 < 255 )) ? $1 : $start;
            $O[$i]->[1] = (( $2 >= $start ) && ( $2 < 255 )) ? $2 : 254;
            @{$O[$i]}[0,1] = $O[$i]->[0] > $O[$i]->[1] ? @{$O[$i]}[1,0] : @{$O[$i]}[0,1]
        }
        else
        {
            die "Sorry but octet \"$O[$i]->[0]\" should be something like 12 or [10 - 254]\n"
        }
        $i++
    }

    #use Data::Dumper; print Dumper \@O; exit;
    @{$O[0]}, @{$O[1]}, @{$O[2]}, @{$O[3]}
}




Rainer Weikusat
      08-05-2013
George Mpouras <(E-Mail Removed)> writes:
> # dizzyingly fast with port scanner, cpu is almost 0%
> # this is forking the forks !


[more of this]

Something which also deserves to be mentioned here: The sole reason
for this insane fork-orgy is that George has to work around the
library he chose to use for 'network communication' which offers only
a synchronous 'send request and wait for reply' interface. Which is
actually not atypical for 'technical solutions' starting with 'Which
pickle jar, standing around here uselessly, might do for driving this
nail into the wall?': It starts with some clueless, devil-may-care
individual selecting the wrong tool for the job at hand because he
reaches for the closest one and then proceeds with a set of
'ingenious' workarounds for the deficiencies of that.

