Nmap Development mailing list archives

Re: suggestion to update ripeQuery.nse to not bother if the IP address is a private IP address


From: Fyodor <fyodor () insecure org>
Date: Wed, 13 Jun 2007 19:56:11 -0700

On Tue, Jun 12, 2007 at 04:26:31PM -0700, Chad Loder wrote:
On Wed, Jun 13, 2007 at 12:49:06AM +0200, Diman Todorov wrote:

There is already code within core nmap to do this, although I don't
know if it has been maintained.

Good point Chad.  Nmap actually has a few functions related
to this:

isipprivate() -> Checks if an IP address is 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16
islocalhost() -> Checks if an IP is localhost
ip_is_reserved() -> The most comprehensive of the bad IP checkers.
                    Includes the isipprivate() IPs as well as 127/8
                    and a bunch of addresses that just haven't been allocated yet.

So which one should we use?  islocalhost() is out because it returns
true for the IP address of your own machine (e.g. if I was scanning
www.insecure.org from www.insecure.org).  isipprivate() works, but the big
omission is the 127.0.0.0/8 which you don't want to do a ripe lookup
on.  ip_is_reserved should do the trick, though at the risk of missing
out on IPs which were reserved but no longer are.  Also, it can be
useful and informative that RIPE says an IP is currently reserved.

So I would suggest either use isipprivate() + 127.0.0.0/8 or
ip_is_reserved().  Whatever you guys think is best.  But I'm leaning
toward the former, since most people won't be scanning the other
"reserved" blocks unless the Nmap reserved list is out of date or they
have other reasons for wanting details on those IPs.

Cheers,
-F
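
The "isipprivate() + 127.0.0.0/8" option from the message above, sketched in C as an added example. It is not Nmap's own code and not part of the original message; `skip_whois_lookup`, the `cidr` struct and the sample addresses are hypothetical names and constructed inputs.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* One IPv4 block: network address (host byte order) and prefix length. */
struct cidr { uint32_t net; int bits; };

/* Blocks to skip before a whois query: the three private ranges listed
 * for isipprivate() in the message, plus loopback 127.0.0.0/8. */
static const struct cidr skip_blocks[] = {
    { 0x0A000000u,  8 },  /* 10.0.0.0/8     */
    { 0xAC100000u, 12 },  /* 172.16.0.0/12  */
    { 0xC0A80000u, 16 },  /* 192.168.0.0/16 */
    { 0x7F000000u,  8 },  /* 127.0.0.0/8    */
};

/* Hypothetical helper: returns 1 if the lookup should be skipped,
 * 0 if the address is worth querying, -1 if the string is not IPv4. */
int skip_whois_lookup(const char *ip)
{
    struct in_addr a;
    if (inet_pton(AF_INET, ip, &a) != 1)
        return -1;                       /* reject malformed input */
    uint32_t host = ntohl(a.s_addr);     /* compare in host byte order */
    for (size_t i = 0; i < sizeof skip_blocks / sizeof skip_blocks[0]; i++) {
        /* Prefix lengths in the table are 8..16, so the shift is defined. */
        uint32_t mask = 0xFFFFFFFFu << (32 - skip_blocks[i].bits);
        if ((host & mask) == skip_blocks[i].net)
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample addresses, including the edges of 172.16.0.0/12. */
    const char *samples[] = { "10.1.2.3", "172.15.255.255", "172.16.0.1",
                              "172.31.255.255", "172.32.0.0", "192.168.1.1",
                              "127.0.0.1", "192.0.2.10", "not-an-ip" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s skip=%d\n", samples[i], skip_whois_lookup(samples[i]));
    return 0;
}
```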

