+1 for skip32.c since it's O(1) space and O(1) time. With the prime approach, you may need to call it multiple times to reject numbers greater than 2^32-1. Also, a generalized Feistel algorithm may be used to generate permutations with fewer than 32 bits with the same constant space/time requirement and may be helpful in skipping specific IP ranges.
xyzzy123|12 years ago
I have to admit that I'm slightly chagrined by the disparity of approach between a lame-ass pentester and an associate professor and two PHD candidates. Reverse elitism, it lives.
I still find the decision to release to be an interesting choice; I didn't because I felt that it would lead to an increase in Internet background radiation, and that basically it's an obvious approach and anyone working in this area will come to exactly the same conclusions. Beer soaked napkin calculations will lead everyone to exactly the same scanner. From my POV there was little benefit in giving this crap to people who wouldn't make the same calculations and write the same code.
What amused me for a while was how long we could get away with being the top "malicious" source on DShield [hint, this requires a ridiculously high packet rate - but it was less than 50k PPS :]. But if you use zmq and distribute your targets that way between a bunch of scan agents, you can get off the top 10 list. Also you can do a scanner like this with a lot less SLOC. The correct architecture is "ip distributor", "scan agent", "listener". They're sort of conflating.
tptacek|12 years ago
http://www.cs.ucdavis.edu/~rogaway/papers/subset.pdf
(Marsh Ray tweeted this yesterday; it's an easy read)
buddydvd|12 years ago