I had been wondering if the TCP connection throttling that I mentioned here would have an effect on my current scanning code. Since any probe packets that I'm sending are sneaking by the kernel without it's knowledge, I had a hunch that it would no longer be a concern because without the kernel knowing about the packets, it can't throttle them.
I tested this the other day and it turns out that my hunch was correct! What does this mean for future Yavar users? It means that you won't have to install the "patch" to be able to scan more than 10 hosts. On the other hand, you will need to have WinPCap, (or LibPCap for Linux and other superior OSs), installed to use this functionality, but come on, what hardcore administrator doesn't already have this installed? ;) Seriously though, this is a much better trade off since you don't have to "patch" your TCPIP.sys file with a utility that you may not trust. At this point you may be wondering how you can trust WinPCap or LibPCap. Well, they're open source. Download them, audit them, and compile them yourself if you're concerned about what they may be doing on your system. :)