
	exo v0.4 - a port sweeper
        =========================

exo is (c) 1999 by Mixter - http://1337.tsx.org

Changes by Lez <lezli@alarmix.net>

Changes in 0.4:

It actually works. :P The ip and tcp checksum functions were broken and
implemented incorrectly, resulting in severe problems routing and
accepting the packets. It now works reliably against any host. Thanks to
lezli@alarmix.net (http://w3.swi.hu/lezli), who found and fixed these bugs.
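
For reference, the Internet checksum (RFC 1071) that the ip and tcp headers rely on, as an added example: this is not exo's source and not the 0.4 fix itself. Receivers and routers discard packets whose checksum does not verify, which is why a wrong implementation keeps packets from being routed or accepted. The function names and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Add len bytes to a running sum as big-endian 16-bit words (RFC 1071). */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t sum)
{
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    if (len)                        /* odd trailing byte: pad with zero */
        sum += (uint32_t)p[0] << 8;
    return sum;
}

/* Fold the carries back in (end-around carry), then one's complement. */
static uint16_t fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* IPv4 header checksum; over a received header, field intact, 0 = valid. */
uint16_t ip_checksum(const uint8_t *hdr, size_t len)
{
    return fold(sum16(hdr, len, 0));
}

/* TCP checksum: pseudo-header (src, dst, 0, protocol 6, length) + segment. */
uint16_t tcp_checksum(const uint8_t src[4], const uint8_t dst[4],
                      const uint8_t *seg, size_t len)
{
    uint8_t ph[4] = { 0, 6, (uint8_t)(len >> 8), (uint8_t)len };
    uint32_t sum = sum16(ph, 4, sum16(dst, 4, sum16(src, 4, 0)));
    return fold(sum16(seg, len, sum));
}

/* Constructed samples (not captured traffic), checksum fields zeroed. */
static const uint8_t sample_src[4] = { 192,168,0,1 }, sample_dst[4] = { 192,168,0,199 };
static const uint8_t sample_ip[20] = { 0x45,0,0,0x73, 0,0,0x40,0,
    0x40,0x11,0,0, 192,168,0,1, 192,168,0,199 };
static const uint8_t sample_tcp[20] = { 0x30,0x39,0,0x50, 0,0,0,1,
    0,0,0,0, 0x50,0x02,0x20,0, 0,0,0,0 };

int main(void)
{
    printf("ip 0x%04x tcp 0x%04x\n", (unsigned)ip_checksum(sample_ip, 20),
           (unsigned)tcp_checksum(sample_src, sample_dst, sample_tcp, 20));
    return 0;
}
```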

About:

Exo is a handy little tool that 'sweeps' a range of ports on a list of hosts.
It works by sending out raw packets and waiting for replies with two separate
threads. This method makes exo able to find open ports without any delay, i.e.
effectively at the rate that your bandwidth allows.

Example:

It can be used to find all open ports on a host quickly, like this:

	echo host.com | exo -t1

Or a small range of ports on a lot of hosts, like this:

	exo -t1 -p21-25 -s 192.0.0.0 -e 193.0.0.0 -o ports.txt

Details:

Exo uses connectionless tcp 'half-scan', udp scan and ping sweep. For udp scan,
you may have to use large delays if scanning many ports on one host (because
of kernel flood protection). UDP scans are not very reliable, as exo only
reports services that actually sent answers.
This is because the nmap style scan sends packets and waits for 'connection
refused/reset' messages, assuming all other ports to be open. I wrote exo
because I wanted maximum performance as opposed to nmap, which is not that
fast and optimized to support many different stealth scans, functions etc.

Performance:

Exo can do reliable tcp/ping sweeps of networks at these speeds:
(This was tested from my dialup.. with Cable you can scan about 16x faster,
on a T1 w/ 10Mbit ethernet 156x, on an oc12 about.. 1800x)

	  1 host, 65535 ports, tcp..    540 seconds
	255 hosts, 5 ports, tcp.....    130 seconds
	255 hosts, icmp sweep.......     10 seconds
	65280 hosts, 1 port, tcp....   9600 seconds
	65280 hosts, icmp sweep.....   1280 seconds


-- Mixter <mixter@newyorkoffice.com>

	md5 checksums
