Hi,
How would I build a query to filter by source or destination subnet in Chronicle? I'm guessing the only way to do this is via regex, but I cannot get it to work. Is this possible in Chronicle?
The comparison between scanme and nmap for SYN scanning 65k TCP ports: scanme completed the scan in just 3.1 seconds, while nmap took 9.54 seconds. That's almost 3 times faster!
After another round of coding I decided to re-post. I started to implement SYN scan via raw sockets (added IPv6 support), and after a few tests I noticed that it is way slower compared to the implementation that uses pcap (without parallelism), since I am using non-blocking sockets (I found this pretty interesting)... Perhaps I am doing something wrong? I tried to tune the deadline, decreasing it down to 1 ms, but in that case I gained speed but lost accuracy in the scan results. I'm trying to figure out ways of speeding up the SYN scan via sockets; the best-effort test on a directly connected device took about 20 s to complete the scan. Is that decently acceptable?
If you're interested, you can find the code for scanme on GitHub: https://github.com/CyberRoute/scanme
Any feedback or contribution is super welcome!!! Thanks in advance
Multiple vulns in Docker disclosed by Snyk Security Labs