Nmap Development mailing list archives

Re: [PATCH] Don't Idle scan your idle proxy


From: Fyodor <fyodor () insecure org>
Date: Thu, 8 Jun 2006 13:59:29 -0700

On Mon, Jun 05, 2006 at 12:32:59PM -0700, Kurt Grutzmacher wrote:
> While working with an idlescan we recognized that trying to scan the
> idle proxy with an idle scan would do bad things. Sometimes it would
> kill the scan, other times it just gave us some really funky
> information. Since you don't want to ever scan the idle proxy I wrote
> a quick patch to ignore it.
>
> Since I couldn't figure out a way to pull out the proxy's IP address
> from the proxy structure within idle_scan() I pulled some string fun.
> If someone can clean it up then please do it. This is one of those
> "works in our testing" scenarios.


Thanks.  This looks good, but I agree with you that using the proxy IP
would be better than the DNS name since the forward-DNS name given by
the user may not match the reverse-DNS name.  You can obtain the proxy
IP address with 'proxy->host.v4hostip()' (you'll find some examples of
this in idle_scan.cc).  If you can write and test a patch against
4.04BETA1 which tests against the proxy IP, I'd be happy to
incorporate it.

Cheers,
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
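The point of the reply above is that "is this target the idle proxy?" should be decided by address, not by name. The following is an added example written for this archive page, not nmap's code and not the patch under discussion: the name-to-address table is a constructed stand-in for DNS, the hostnames and 192.0.2.x addresses are made up, and the function names are hypothetical. It shows the failure mode Fyodor describes (the user-supplied forward name differs from the reverse-DNS name of the same host) and the address comparison that avoids it.

```cpp
// Added example (not nmap's own code): why a "don't scan the idle proxy" check
// should compare IPv4 addresses rather than hostnames.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <map>
#include <string>

// Constructed stand-in for DNS. Two different names resolve to the same host:
// the name the user typed for the proxy and the name a reverse lookup returns.
static const std::map<std::string, std::string> kFakeDns = {
    {"zombie.example.test",    "192.0.2.10"},
    {"printer-7.example.test", "192.0.2.10"},  // reverse-DNS name of the same box
    {"target.example.test",    "192.0.2.20"},
};

// Parse dotted-quad text into in_addr; returns false on malformed input.
bool parse_v4(const std::string &text, in_addr *out) {
    return inet_pton(AF_INET, text.c_str(), out) == 1;
}

// Name-based check: fragile, because the forward name given by the user need
// not match the reverse-DNS name nmap would see for the same address.
bool same_host_by_name(const std::string &target_name,
                       const std::string &proxy_name) {
    return target_name == proxy_name;
}

// Address-based check: resolve both names (here via the constructed table) and
// compare the binary IPv4 addresses.  This is the comparison the reply asks for;
// nmap's own accessor (proxy->host.v4hostip()) is not used here.
bool same_host_by_addr(const std::string &target_name,
                       const std::string &proxy_name) {
    auto t = kFakeDns.find(target_name);
    auto p = kFakeDns.find(proxy_name);
    if (t == kFakeDns.end() || p == kFakeDns.end()) return false;
    in_addr ta, pa;
    if (!parse_v4(t->second, &ta) || !parse_v4(p->second, &pa)) return false;
    return ta.s_addr == pa.s_addr;
}

// Should the scanner skip this target because it is the idle proxy itself?
bool should_skip_target(const std::string &target_name,
                        const std::string &proxy_name) {
    return same_host_by_addr(target_name, proxy_name);
}
```

With the constructed table, `same_host_by_name("printer-7.example.test", "zombie.example.test")` is false even though both names are the proxy, while `same_host_by_addr` on the same pair is true; a hostname-string check would let the proxy slip through as a target in exactly the case the reply warns about.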
