Nmap Development mailing list archives
Re: Nmap compliance with new RFC 3514
From: "James D. Levine" <levine () vinecorp com>
Date: Tue, 1 Apr 2003 00:33:44 -0800
[ More thoughts on RFC3514 compliance -- redirected from nmap-hackers to nmap-dev. Side-note: Sometimes I seriously do consider a robots.txt-like mechanism (obviously implemented very differently) for allowing targets to specify how/whether they wish to be probed. It is not on my near-term TODO though. --Fyodor ]

This is a tough one. It seems to me that Nmap has always struck the right balance between strict compliance and useful bending of the rules. Nmap should default to a conservative, fully-compliant setting, but allow full control for more advanced, deliberate use. For RFC 3514 this properly translates to default E=0 for -sT, and E=1 for all other scan types.

I'm for a command-line switch. A --evil switch can override to force E=1 for all scan types. For E=0 override there would be the complementary --good, or --innocent (for strict compliance). One can imagine --evil will be very welcome among the novice hackers early in their careers, as they take those first hesitant steps towards evil hacking.

It might be more useful to have pre-defined profiles, similar to the existing timing switches (Paranoid, Sneaky, Polite, etc.):

--evil            E=1 for all scans
--good            E=0 for all scans
--wanna-be-evil   E=1, forces -sT scan sequential ports/addresses
--l337-h4X0r      E=0, forces IP range = www.asiankitty.com
--evil-genius     E=n/a, nmap successfully predicts movements in the stock market via a complicated algorithm scanning Fortune 500 sites

I suggest those only as a first swipe at the problem. I'm troubled by some of the deeper implications and interpretations of an --evil switch, but will restrain myself from further exploration, pending the many intelligent analyses of the RFC forthcoming on this list and elsewhere.

James