Nmap Development mailing list archives
Re: Is QSCAN forgotten?
From: doug () hcsw org
Date: Wed, 11 Jul 2007 20:56:46 -0700
Hi Marek,

Thanks for asking about Qscan! No, it hasn't been forgotten, just sidetracked. I plan on writing a nuff script called qscan for the next-generation. I'm thinking its use will be something like this:

    nuff qscan -p 22,80 target.com

I have many ideas for algorithm improvements. In particular, I think taking the median rtt value to be the mean for each target in the student t-test will improve accuracy and scanning speed a great deal.

As a related topic, I also plan on writing a nuff utility "reordermon" that attempts to detect packet filters like Qscan does but looks for packet reordering anomalies. The idea being that when the same TCP handles all responses they will probably be processed and replied to in-order, but if other devices are falsifying responses then the order of delivery can change. I'm still not sure if reordermon will work but the theory seems pretty strong!

As for implementing Qscan in NSE, it is certainly possible. The biggest problem is, of course, that pcap and raw sockets need to be added to NSE. This problem might already be solved thanks to your patch! But there are a few other problems that might come up. For instance, Qscan wants to be given a set of ports to run the scan against but NSE is designed to have one script per port.

Best,

Doug
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org