Nmap Development mailing list archives

Re: great book and small 6to4 conversion NSE script


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 29 Dec 2008 22:51:17 +0000

On Mon, 29 Dec 2008 22:59:19 +0100 or thereabouts Henrik Lund Kramshøj
<hlk () kramse dk> wrote:

...snip...
I also attach the annoying perl script and my first try in converting
it - using hardcoded values for the packet. It is a nice way of getting
the time from a nameserver, by forcing it to return a signed packet,
and taking the difference from localtime.


I've been meaning to dig through the fpdns (fingerprint DNS for those
who haven't used it) and integrate some of its ideas into the service
probes file.  The script you attached can mostly be converted to a
service fingerprinting probe/match pair.  Depending on the format of the
received response, we may need a routine to "unpack" a few bytes into a
number (string) and possibly even the equivalent of perl's "localtime
1230590913" to convert a number to a string like "Mon Dec 29 22:48:04 UTC 2008".

I'm not sure if Fyodor is open to adding relatively simplistic routines
like that to service fingerprinting or he'd rather have NSE take over
that sort of task.  Personally, I'd prefer DNS timestamping to be a
service fingerprinting feature.

Good to see someone working on these sorts of scripts.

Brandon

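The unpack-and-format routine discussed in this message, as an added Python example that is not from the original post or from Nmap. It assumes the signed reply carries a TSIG record laid out as in RFC 2845 (algorithm name, 48-bit time signed, 16-bit fudge), which the message does not state; the function names and the RDATA bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

def read_name(buf, off=0):
    """Read an uncompressed DNS name; return (dotted name, offset after it)."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("name runs past end of buffer")
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels), off
        if n & 0xC0 or off + n > len(buf):
            raise ValueError("compressed, invalid or truncated label")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n

def parse_tsig_time(rdata):
    """Return (algorithm, time_signed, fudge) from TSIG RDATA (assumed layout)."""
    alg, off = read_name(rdata)
    if len(rdata) < off + 8:
        raise ValueError("RDATA truncated before time signed / fudge")
    # Time signed is 48 bits: unpack as 16 high bits + 32 low bits, then join.
    hi, lo, fudge = struct.unpack_from("!HIH", rdata, off)
    return alg, (hi << 32) | lo, fudge

def format_utc(epoch):
    """Equivalent of formatting the unpacked number as a UTC date string."""
    dt = datetime.fromtimestamp(epoch, tz=timezone.utc)
    return dt.strftime("%a %b %d %H:%M:%S UTC %Y")

def clock_offset(rdata, local_epoch):
    """Return (server minus local seconds, whether it is within the fudge)."""
    _, signed, fudge = parse_tsig_time(rdata)
    delta = signed - local_epoch
    return delta, abs(delta) <= fudge

# Constructed sample RDATA: algorithm name, time signed, fudge, then
# MAC size 0, original ID, error 17 (BADKEY), other length 0.
SAMPLE_RDATA = (
    b"\x08hmac-md5\x07sig-alg\x03reg\x03int\x00"
    + struct.pack("!HIH", 0, 1230590913, 300)
    + struct.pack("!HHHH", 0, 0x1234, 17, 0)
)

if __name__ == "__main__":
    alg, signed, fudge = parse_tsig_time(SAMPLE_RDATA)
    print(alg, signed, format_utc(signed), clock_offset(SAMPLE_RDATA, signed - 42))
```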
