Nmap Development mailing list archives
Re: general scanning engine - request for comments :)
From: Fyodor <fyodor () insecure org>
Date: Sat, 15 Jul 2006 15:12:53 -0700
On Wed, Jul 12, 2006 at 11:58:09PM -0700, doug () hcsw org wrote:
> Just in case some people thinking about the system think that chaining proxies is only useful for the ultra paranoid, consider situations like the following:
I agree completely.
> An extremely handy chaining type would be SSH. I'm not sure exactly how you'd implement this. If you assume every box has nc on it, it could be easy. Otherwise, you could perhaps use an ssh tunnel to perform this.
Maybe. I'm not sure exactly what sort of ssh proxying you have in mind. I think you can already do something like:

  ssh user@proxy1 ssh user@proxy2 ssh user@proxy3 nmap [options] [targets]

That will likely be much more efficient than trying to set up ssh tunnels or execute nc. But of course the final machine must have Nmap installed. But if you have ssh access, that is usually easy to achieve (download a binary to /tmp or whatever) and does not require root access.
> o Escaping your own ISP's port forwarding restrictions. I've used ISPs before that filter outbound port 25 - making it impossible to scan SMTP servers!
Yeah, the anti-spammer in me likes this restriction but the rest of me hates this unwelcome intrusion into my connectivity. My DSL line does this. Obviously it is easy to tunnel around, but still annoying. The goal is to prevent naive users from becoming unwitting spam zombies, so they should make it easy for more experienced users to remove this "protection". But I'm getting into a whole different debate now :).
> Many people using this method are probably scanning under the assumption they will get maximum scanning privacy and sometimes a simple DNS request can give it away. I would suggest reverse DNS be disabled by default for all proxy scans.
I see your point, but then we would need some way to turn it back on for people who do want it. Plus we'd need to document yet another special case in the man page. I'd say just print a warning if they use proxy scan but not -n. There are cases where you aren't worried about detection of your DNS lookups.
> Some of these proxying methods can perform forward DNS resolution for us. The forward DNS could potentially be more complicated.
Yeah, though I agree that it would be cool if we do find a way to support it. Without ugly hacks.
> In your mail you talked about performing service detection through a chain of proxies. This would be extremely cool! Do you think it would be possible to add the proxying functionality as some sort of addition to nsock? This would be a very useful addition to nsock and could potentially mean that a huge amount of (present and future) Nmap functionality could be proxied.
I think that is a great idea. Though as I mentioned to Majek, just trying to isolate the code as well as possible may be a good first step. I can see the desire to share this code with ncat, version detection, etc. Thanks for your comments!

-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
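The two concrete points in the exchange above, the nested "ssh ... ssh ... nmap" invocation and the suggestion to warn rather than silently change behaviour when a proxied scan is run without -n, can be put together in a small wrapper. The script below is an added example, not code from the thread or from the Nmap project; the hop names (user@proxy1, user@proxy2) and the 10.0.0.0/24 target are constructed placeholders, and the wrapper only prints the command it would run.

```shell
#!/bin/sh
# Added example (not from the thread or from Nmap): build the nested
# "ssh hop1 ssh hop2 ... nmap ARGS" command Fyodor describes, and apply the
# rule he suggests: keep reverse DNS on by default but warn when -n is absent.
# Hop names and the target network below are constructed placeholders.

# chained_nmap_cmd HOPS NMAP_ARGS...
# HOPS is a space-separated list of user@host words; each hop becomes one
# "ssh user@host" prefix, so nmap itself runs on the last hop.
chained_nmap_cmd() {
    hops=$1
    shift
    cmd=""
    for hop in $hops; do
        cmd="${cmd}ssh $hop "
    done
    printf '%snmap %s\n' "$cmd" "$*"
}

# dns_lookup_enabled NMAP_ARGS...
# Returns 0 (true) when no -n flag is present, i.e. when the scan on the
# last hop would perform reverse DNS lookups; returns 1 when -n is given.
dns_lookup_enabled() {
    for arg in "$@"; do
        case $arg in
            -n) return 1 ;;
        esac
    done
    return 0
}

# run_proxied_scan HOPS NMAP_ARGS...
# Prints a warning on stderr if reverse DNS is still enabled, then prints
# the command that would be run. Nothing is executed in this example.
run_proxied_scan() {
    hops=$1
    shift
    if dns_lookup_enabled "$@"; then
        echo "WARNING: reverse DNS lookups are enabled for this proxied scan; pass -n to disable them" >&2
    fi
    chained_nmap_cmd "$hops" "$@"
}

# Constructed usage: two hops, service detection on port 25, no -n given,
# so the warning fires and the printed chain runs nmap on proxy2.
run_proxied_scan "user@proxy1 user@proxy2" -sV -p 25 10.0.0.0/24
```

The wrapper follows the thread's design choice of warning instead of forcing -n: the lookup still happens if the user wants it, and the warning makes the default visible. Each hop is a plain ssh command prefix, so no tunnels or nc listeners are needed, only ssh access to each hop and an nmap binary on the last one.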