path: root/other/b-scan/PROBLEMS
authorRoot THC2026-02-24 12:42:47 +0000
committerRoot THC2026-02-24 12:42:47 +0000
commitc9cbeced5b3f2bdd7407e29c0811e65954132540 (patch)
treeaefc355416b561111819de159ccbd86c3004cf88 /other/b-scan/PROBLEMS
parent073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff)
initial
Diffstat (limited to 'other/b-scan/PROBLEMS')
-rw-r--r--other/b-scan/PROBLEMS58
1 files changed, 58 insertions, 0 deletions
diff --git a/other/b-scan/PROBLEMS b/other/b-scan/PROBLEMS
new file mode 100644
index 0000000..24db576
--- /dev/null
+++ b/other/b-scan/PROBLEMS
@@ -0,0 +1,58 @@
1 No one believes an hypothesis except its
2 originator, but everyone believes an
3 experiment except the experimenter.
4 J.Anon, 1823
5
6
7[0] General
8
9 As larger the target network (10.0.0.0/8 is large) is as
10 faster you can scan (-X -l 5000+).
11
12 Use 'spreadmode' (-X) whereever possible.
13
14 Use an unused ip from your local network for spoofing.
15 (bscan comes with its own arp-daemon to handle arp-requests
16 to the spoofed ip)
17
18
19[1] Scanning your own LOCAL network:
20
21 If you get packet loss and missing scan results while
22 scanning your local network, please lower the scan rate.
23 Your host is unable to resolve 1000 arp's per second
24 and therefor drops packets.
25 Try some smaller values at about 50-100 hosts/second.
26
27
28[2] Why is 'spreadmode' so much better ?
29
30 First: its non-linear and so more 'stealthy'.
31 Default timeout for most IDS is around 4 mins.
32 If you scan linear [not spreadmode] you hit
33 the target network several thousand times the second.
34
35 Second: The last router has to resolve all mac's for
36 the hosts on the target network.
37 There is no router that can resolve 1000+ mac's per second.
38 'Spreadmode' tries to guess the 'router distance' and
39 send packets to different routers [non-linear].
40 It tries to achieve the maximum time-distance between
41 two packets hit the same router.
42 It's up to the reader to proof that a random scan
43 is inadequate in this situation.
44
45
46[3] Does bscan work on other media than ethernet ?
47
48 Short answer: NO!.
49 Long answer: I'll add support for other media's later.
50
51
52[4] Does it work through NAT ?
53
54 Yes. But be aware that most NAT-systems are unable to keep the
55 state of 100.000 seconds. Try reducing the scan-speed (-l 100?)
56 for instance.
57
58
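Review bot: the scan-rate option -l is used with inconsistent meaning across the file and should be documented once at the top of [0]: section [0] recommends "-l 5000+", section [1] says "50-100 hosts/second" without naming the flag, and section [4] says "-l 100?", so a reader cannot tell whether -l is hosts per second, packets per second, or something else, nor what the default is. In the same spirit, [2] says spreadmode "tries to guess the 'router distance'" but never says how the guess is made or how a user can tell it guessed wrong; a sentence on that (or a pointer to the relevant source file) would make the "better" claim checkable, rather than leaving it as "up to the reader to proof". Section [4] is also ambiguous: "unable to keep the state of 100.000 seconds" reads as a time span, whereas the surrounding advice about lowering the rate suggests a count of concurrent state-table entries; say which quantity is meant. Finally, a handful of spelling fixes while the file is new: "an hypothesis" -> "a hypothesis", "whereever" -> "wherever", "therefor" -> "therefore", "media's" -> "media", "proof" -> "prove", and "As larger the target network ... is as faster you can scan" -> "The larger the target network (10.0.0.0/8 is large), the faster you can scan".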