Re: [PATCH] Experimental SCTP scan support

[Daniel Roethlisberger <daniel () roe ch>]

Daniel Roethlisberger <daniel () roe ch> 2009-01-03:
> I've hacked together experimental SCTP support for nmap.  Please
> give it a whirl and let me know how it goes.  I'm especially
> interested in tests against real-world, proprietary SCTP stacks,
> whether it also builds on systems other than FreeBSD, and
> anything else I might have missed.
>
> http://daniel.roe.ch/code/nmap/nmap+sctp-20090103-r11604-initscan.diff

Am I the only one who keeps forgetting that svn does not include
externals in `svn diff` output?  You'll need this separate patch
to nbase as well:

http://daniel.roe.ch/code/nmap/nbase+sctp-20090103-r11604-initscan.diff

> SCTP is a layer 4+ protocol like TCP or UDP and also has 16 bit
> port numbers.  One reason why SCTP might be of interest is it's
> use by telco stuff migrated to the IP world, such as SS7/SIGTRAN.
>
> What works / has been done:
> -   SCTP INIT scans (stealth scans, much like SYN scans in the TCP
>     world) seem to work.  A SCTP packet is sent with an INIT
>     chunk; the response is a INIT_ACK chunk if the port is open
>     or an ABORT chunk if closed.
> -   Patched libdnet-stripped with rather minimal SCTP support.
> -   Added a list of 36 well-known SCTP ports to nmap-services.
>
> Not done yet:
> -   SCTP based ping probes.
> -   SCTP support for IP proto scan.
> -   Use itag/itsn to store scan state.
> -   Support the deprecated Adler32 checksum as an option.
> -   More advanced scan types using different chunk combinations.
>
> Note that SCTP scans usually do not work through network address
> translators.  This is because today's NAT boxes typically do not
> know how to translate SCTP packets.

-- 
Daniel Roethlisberger
http://daniel.roe.ch/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org