Re: Google/Nmap SoC 2009 Project Ideas?

[ithilgore <ithilgore.ryu.l () gmail com>]

Daniel Roethlisberger wrote:
> Fyodor <fyodor () insecure org> 2009-03-09:
> > Hi all.  Google just began taking applications for organizations to
> > participate in the 2009 Summer of Code!  As you probably all know, the
> > Nmap Project has benefited greatly from participating in that program
> > for the past four years.  I even wrote a blog entry for them about it:
> >
> > http://google-opensource.blogspot.com/2008/11/nmaps-fourth-gsoc-success-stories-and.html
> >
> > One of the most important requirements of a successful SoC is coming up
> > with a great "ideas page" which lists summer projects that students
> > can apply for.  They can always come up with their own completely new
> > ideas (and we encourage that sort of creativity), but most choose
> > ideas from our list or at least start with one for inspiration.
> >
> > You can see our 2008 ideas page here:
> >
> > http://nmap.org/GoogleGrants.html
> >
> > So if anyone has an idea for Nmap (including Ndiff, Ncat, or Zenmap),
> > please speak up!
>
> Off the top of my hat:
>
> o Full IPv6 support in every aspect of Nmap.  I am seeing IPv6 on
>   the rise, already over 50% of my personal incoming email is
>   received over IPv6!  The available v4 pool wont last much longer
>   than perhaps three years.  Nmap should get ready for the future
>   as well and implement comprehensive support for IPv6.
>
> o SCTP based OS detection; would require the student to find practical
>   differences in major SCTP stacks first, and then implement and test
>   that.  Major hurdle to make this a success would be the required or
>   at least desired access to as many proprietary SCTP stacks as
>   possible.

The SCTP detection sounds really interesting, though as Michael Pattrick said, it
might be a bit too large. However, it could possibly use osscan2.cc as a basic template,
thus limiting the task to only mess with the SCTP kernel internals (which is big enough by
itself I have to admit). Btw I think there are not that many SCTP stacks available. Another
unfortunate thing is that SCTP functionality is not usually enabled by default and many 
systems use a userspace library instead to implement SCTP. Despite these, SCTP by itself
is a protocol that has not been researched as extensively as TCP and thus provides much
ground for discovering new techniques against it.

Another idea might be an official proxy scanning patch for Nmap. I discussed a bit about this
with the folk at #nmap (efnet) and thought that maybe it's time for something that gets at last
integrated with Nmap, if of course Fyodor and the rest agree.

Porting Nmap to mobile phones might be another good idea (for example Google's android), though I think
that something similar has been previously been proposed.

I will hopefully apply for GSoC/Nmap this year, since I am really interested in Nmap and low level 
networking.

-- 
ithilgore
sock-raw.org






_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org