Nmap Development mailing list archives

Re: suggestion to update ripeQuery.nse to not bother if the IP address is a private IP address


From: "Eddie Bell" <ejlbell () gmail com>
Date: Mon, 11 Jun 2007 14:43:30 +0100

It would be useful to write a general function that can check this, as
other scripts will probably need the same feature.  Perhaps one of the
NSE soc'ers could take a look at it? The code could look something
like this:

function isPrivateAddress(addr)
  -- first two octets of a dotted-quad address (nil if it is not one)
  local a, b = addr:match("^(%d+)%.(%d+)")
  if not a then return false end
  b = tonumber(b)

  if a == '10' or
     (a == '172' and b >= 16 and b <= 31) or   -- 172.16.0.0/12 spans 172.16 to 172.31
     (a == '192' and b == 168) then
    return true
  end
  return false
end

Although I'm not sure where in the nse code it would go.

- eddie

On 10/06/07, DePriest, Jason R. <jrdepriest () gmail com> wrote:
Most of the systems I scan are on an internal network.  The RIPE Query
always fails because this traffic is not allowed to leave the network.

My suggestion is to take the IP address that the script is using and
compare it against private ranges.  If it is in one of those ranges,
skip it.

I realize that this would be extremely cumbersome to try to fit the
ranges around full regular expressions.

So, I looked at converting the ranges to their dword values and then
using those for comparison instead.

So 10.0.0.0 to 10.255.255.255 becomes 167772160 to 184549375,
172.16.0.0 to 172.31.255.255 becomes 2886729728 to 2887778303, and
192.168.0.0 to 192.168.255.255 becomes 2886729728 to 2887778303.

To convert the IP address of the host to dword in LUA would probably
need to be done like this (Perl example since I don't know LUA):
<code>
my $host_ip = <some IP address>;
my ($w, $x, $y, $z) = split(/\./,$host_ip);
my $host_dword = ( ( $w * 256 + $x ) * 256 + $y ) * 256 + $z;
</code>

Then just see if $host_dword is in any of the private ranges by doing
simple < and > comparisons.  If it is inside those ranges, don't try
to look it up.

What do you think?

It had been my intention originally to provide a patched script on my
own, but the way regular expressions are handled is different enough
so that I cannot easily grasp the concept without more examples.

-Jason

--
NOTICE:  This email is being sent in clear-text across the public
Internet.  Therefore, any attempts to include unenforceable legalese
restrictions are ridiculous and pointless.  If you can read this,
consider yourself authorized (whether I like it or not).

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
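Combining the two suggestions in this thread, here is an added example (it is not from the thread and not Nmap's own code): the octets are pulled out with a Lua pattern as in Eddie's sketch, but the range test is done on the dword value as Jason proposed, so 172.16.0.0/12 is a single comparison rather than a check on one second octet. It assumes only a stock Lua interpreter and an IPv4 dotted quad as input; the name isPrivateAddress is taken from Eddie's sketch, ip_to_dword and PRIVATE_RANGES are names introduced here, and where such a helper would live in the NSE library is left open, as it is in the thread. The range boundaries are computed from the dotted addresses at load time instead of being typed in by hand.

```lua
-- Added example (not from the thread or from Nmap): parse the octets with a
-- Lua pattern, then compare the dword value against the RFC 1918 ranges.
-- Assumes a stock Lua interpreter (5.1 or later) and IPv4 dotted-quad input.

-- Dotted quad -> 32-bit integer, or nil for anything that is not one.
local function ip_to_dword(addr)
  if type(addr) ~= "string" then return nil end
  local o1, o2, o3, o4 = addr:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
  if not o1 then return nil end
  local dword = 0
  for _, o in ipairs({o1, o2, o3, o4}) do
    local n = tonumber(o)
    if n > 255 then return nil end        -- reject e.g. 10.300.0.1
    dword = dword * 256 + n               -- same ((w*256+x)*256+y)*256+z as the Perl sketch
  end
  return dword
end

-- RFC 1918 ranges as {first, last} dwords, computed from dotted quads at
-- load time so the boundaries cannot be mistyped; add pairs to extend.
local PRIVATE_RANGES = {
  { ip_to_dword("10.0.0.0"),    ip_to_dword("10.255.255.255")  }, -- 10.0.0.0/8
  { ip_to_dword("172.16.0.0"),  ip_to_dword("172.31.255.255")  }, -- 172.16.0.0/12
  { ip_to_dword("192.168.0.0"), ip_to_dword("192.168.255.255") }, -- 192.168.0.0/16
}

-- True when addr falls inside one of the ranges above. Malformed or non-IPv4
-- input returns false rather than raising, so a caller that only wants to
-- know "skip this host?" gets a plain answer.
function isPrivateAddress(addr)
  local d = ip_to_dword(addr)
  if not d then return false end
  for _, r in ipairs(PRIVATE_RANGES) do
    if d >= r[1] and d <= r[2] then return true end
  end
  return false
end

-- Self-check: run with `lua thisfile.lua`; a wrong answer raises an error.
local cases = {
  { "10.1.2.3",        true  },
  { "172.16.0.1",      true  },
  { "172.31.255.254",  true  },
  { "172.32.0.1",      false }, -- one past the end of the /12
  { "192.168.1.1",     true  },
  { "192.169.1.1",     false },
  { "8.8.8.8",         false },
  { "10.300.0.1",      false }, -- octet out of range
  { "not an address",  false },
}
for _, c in ipairs(cases) do
  assert(isPrivateAddress(c[1]) == c[2], "wrong answer for " .. c[1])
end
-- Show the dword boundaries the table actually holds.
for _, r in ipairs(PRIVATE_RANGES) do
  print(r[1] .. " .. " .. r[2])
end
```

In a script this belongs in the rule rather than the action: a hostrule that returns `not isPrivateAddress(host.ip)` makes Nmap skip the script for the host instead of running it and watching the lookup fail. Ranges that are not RFC 1918 but equally pointless to look up (loopback, link-local) can be added to the table the same way.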
