Nmap Development mailing list archives
Re: general scanning engine - request for comments :)
From: majek04 <nmap () forest one pl>
Date: Sat, 15 Jul 2006 01:24:45 +0200
Fyodor wrote:
>> ------------------|-binary-|-udp-|-dns-|-ipv6-|-k-a-
>> HTTPPROXY CONNECT-|---Y----|-----|--Y--|--?---|-----
>> HTTPPROXY GET-----|--------|-----|--Y--|--?---|--Y--
>> SOCKS 4-----------|---Y----|--Y--|-----|------|-----
>> SOCKS 4a----------|---Y----|--Y--|--Y--|------|-----
>> SOCKS 5-----------|---Y----|--Y--|--Y--|--Y---|-----
>> FTP BOUNCE--------|--------|-----|-----|------|--Y--
>> classic connect()-|---Y----|--Y--|--Y--|--Y---|-----
>
> Looks good. I assume classic connect() is the Nmap connect scan (-sT)? If so, it doesn't really do "resolving dns names on the remote site", nor does Nmap support UDP any longer using connect (though it theoretically could).
Whoops. My mistake. Now, by saying connect() I mean what nsock does :) Isn't nsock supporting UDP?
> Maybe it would be useful to implement connect scan through your proxy scanning engine anyway as a simple case for testing/debugging/etc the system. It probably wouldn't become the default implementation of -sT, but it would be interesting to compare the performance and timing between the two implementations.
Probably it wouldn't become the default implementation. But when we implement this we could separate our engines: a proxy engine that doesn't need root, and ultra_scan, which needs privileges.
> If you find an elegant way to handle this, go for it. Otherwise, I think keeping forward DNS resolution as is for now is OK. But I can definitely see us possibly wanting to add remote host DNS in the future, so do try to keep that in mind. We may want to give a privacy warning message if the user DOESN'T specify -n.
What I would need is to do forward DNS queries at the last moment, just before the IP address is needed.
>> Ping probes: Normally nmap is doing ping probes before scanning. How should such ping probes look when someone is using proxy/socks chaining?
>
> Maybe they can just use -P0. I tend to think another warning message is warranted here if they use proxy scan but don't specify -P0.
I think -P0 should be assumed by default when doing proxy scanning. But maybe in the future we should implement some type of '-PS' through the proxy.
>> Service detection: Imagine version detection through TOR or another anonymous proxy. I think this could be a really powerful tool.
>
> Yeah. I think we should try to isolate the proxy chaining code as much as possible so that it can be more easily reused in ncat, possibly version detection, etc. Doug suggested putting the code in Nsock. That may make sense (especially if there are efficiency advantages to integrating them), though isolating them in their own files in Nmap with a reasonably generic API and as few (if any) dependencies on Nmap stuff (like the NmapOps structure) might be a good compromise.
Okay. Cheers :)

Marek Majkowski

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
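The "dns" column of the table above (whether the proxy, rather than the scanner, resolves the target name) is what the -n privacy warning in the thread is about. The following Python is an added example, not Nmap or nsock code and not written by either participant; it encodes the CONNECT request for each proxy type the table lists, so you can see which wire formats can carry a hostname to the proxy and which force the client to resolve it locally first. The function names, the SOCKS4a 0.0.0.1 marker choice and the sample reply bytes are this example's own assumptions, not anything from the Nmap code base.

```python
"""
Added example (not Nmap/nsock code): build the CONNECT request for the
proxy types in the thread's table and show which ones let the proxy do
the DNS lookup.  SOCKS4 has only a 4-byte IPv4 field, so the client must
resolve the name itself (a DNS leak when scanning through Tor); SOCKS4a,
SOCKS5 and HTTP CONNECT can carry the hostname to the proxy.
"""
import ipaddress
import struct

# SOCKS5 address-type codes (RFC 1928).
SOCKS5_ATYP_IPV4, SOCKS5_ATYP_DOMAIN, SOCKS5_ATYP_IPV6 = 0x01, 0x03, 0x04
# Marker address SOCKS4a clients use to say "resolve the trailing name".
# 0.0.0.1 is this example's choice; anything in 0.0.0.1-0.0.0.255 works.
SOCKS4A_MARKER = b"\x00\x00\x00\x01"


def socks4_connect(host, port, user=b""):
    """SOCKS4 CONNECT: VN=4 CD=1 DSTPORT DSTIP USERID NUL.  IPv4 only."""
    try:
        ip = ipaddress.IPv4Address(host)
    except ipaddress.AddressValueError:
        # Caller would have to resolve locally; refuse so the leak is explicit.
        raise ValueError("SOCKS4 needs an IPv4 address, got %r" % host)
    return struct.pack("!BBH4s", 4, 1, port, ip.packed) + user + b"\x00"


def socks4a_connect(host, port, user=b""):
    """SOCKS4a: same layout, but DSTIP=0.0.0.x plus a NUL-terminated hostname."""
    try:
        ip = ipaddress.IPv4Address(host)
        return struct.pack("!BBH4s", 4, 1, port, ip.packed) + user + b"\x00"
    except ipaddress.AddressValueError:
        pass
    return (struct.pack("!BBH4s", 4, 1, port, SOCKS4A_MARKER)
            + user + b"\x00" + host.encode("idna") + b"\x00")


def socks5_connect(host, port):
    """SOCKS5 CONNECT: VER=5 CMD=1 RSV=0 ATYP DST.ADDR DST.PORT."""
    try:
        ip = ipaddress.ip_address(host)
        atyp = SOCKS5_ATYP_IPV4 if ip.version == 4 else SOCKS5_ATYP_IPV6
        addr = ip.packed
    except ValueError:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("SOCKS5 domain names are limited to 255 bytes")
        atyp, addr = SOCKS5_ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([5, 1, 0, atyp]) + addr + struct.pack("!H", port)


def http_connect(host, port):
    """HTTP CONNECT: the authority is plain text, so the proxy resolves it."""
    authority = "[%s]:%d" % (host, port) if ":" in host else "%s:%d" % (host, port)
    return ("CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (authority, authority)).encode()


def resolves_remotely(proxy_type, host):
    """True if this proxy type can carry `host` unresolved to the proxy."""
    try:
        ipaddress.ip_address(host)
        return False                      # already an IP; nothing to resolve
    except ValueError:
        pass
    return proxy_type in ("socks4a", "socks5", "http-connect")


def parse_socks5_reply(data):
    """Decode VER REP RSV ATYP BND.ADDR BND.PORT; returns (rep, addr, port).
    rep == 0 means the proxy connected; other values are RFC 1928 errors."""
    if len(data) < 4 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if atyp == SOCKS5_ATYP_IPV4:
        addr, rest = str(ipaddress.IPv4Address(data[4:8])), data[8:]
    elif atyp == SOCKS5_ATYP_IPV6:
        addr, rest = str(ipaddress.IPv6Address(data[4:20])), data[20:]
    elif atyp == SOCKS5_ATYP_DOMAIN:
        n = data[4]
        addr, rest = data[5:5 + n].decode("idna"), data[5 + n:]
    else:
        raise ValueError("unknown ATYP %d" % atyp)
    if len(rest) < 2:
        raise ValueError("truncated SOCKS5 reply")
    (port,) = struct.unpack("!H", rest[:2])
    return rep, addr, port


if __name__ == "__main__":
    for kind, fn in (("socks4a", socks4a_connect), ("socks5", socks5_connect),
                     ("http-connect", http_connect)):
        print(kind, resolves_remotely(kind, "example.com"), fn("example.com", 443))
    # Constructed reply bytes: success, bound to 127.0.0.1:8080.
    print(parse_socks5_reply(b"\x05\x00\x00\x01\x7f\x00\x00\x01\x1f\x90"))
```

A scanner built on this would call resolves_remotely() before touching the resolver: if it returns False for a hostname target and the user has not asked for local resolution, that is the point at which the privacy warning discussed in the thread belongs, since the lookup will go out from the scanning host rather than through the proxy chain.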