HitB2010Ams – XProbe-NG: Building efficient Network Discovery Tools
July 2nd, 2010
No comments
To clear up a common misunderstanding, this Fyodor is not the same Fyodor as the author of Nmap.
XProbe-NG was written to discover a rouge server in a network of the major Taiwanese internet provider. It turned out that XProbe was not sufficient to handle all the application level stuff that was going on in this case.
However doing level 7 probes introduced two problems:
- Bandwidth – Having to send far more data
- Time – Making sure you finish in time
Other motivations for XProbe-NG include:
- Scanning other protocols then IP only
- Bulk scanning
- Probing “en-route” systems
- Migration to IPv6
- Honeypots/nets
- Improving precision