Nmap Development mailing list archives

Re: NMAP NSE script for iSCSI enumeration


From: Michel Chamberland <merc () securitywire com>
Date: Sun, 11 Oct 2009 21:05:37 -0400

I will make these suggested changes. 

I am running iscsitarget on linux to provide the service on localhost. I
am going to set up a VM with Windows Storage Server 2008 and FreeNAS and
give it a try on these 2 too.

Many SAN mass storage devices now support iSCSI to expose storage space
to servers as well as keeping data in sync between production and
disaster recovery sites. Some of the big players that have some form of
support for iSCSI are EMC, IBM, NetApp, HP, etc... Other consumer level
desktop NAS solutions also support iSCSI. Here is a recent example: 

http://www.iomega.com/about/prreleases/2009/100809_storcenter_ix2_200.html

It is my understanding that to be compliant with the RFC, enumeration of
targets, like the script is doing, without authentication is mandatory.
So in theory the script should work on all of them. Authentication to
access and mount the targets is optional. So if anyone has any nodes
providing iSCSI services on their network, they probably want to take a
closer look and make sure they are using proper authentication and
access controls so an attacker cannot directly mount the partitions
served by their NAS solution without authentication. 

Thanks,
Michel



On Sun, 2009-10-11 at 18:13 -0600, David Fifield wrote:
> On Sun, Oct 11, 2009 at 01:43:05AM -0400, Michel Chamberland wrote:
> > Thanks again everyone for your input!
> >
> > I've updated the script following your suggestions and uploaded it at the
> > same URL. It is quite a bit easier to read now. The process of documenting it
> > also allowed me to remove the whole first packet after I realized it was
> > not required :) Now I'll see if I can get some more testing done with
> > various targets...
>
> Going by the criteria at
> http://nmap.org/book/nse-usage.html#nse-categories , would you consider
> the script "safe" or "intrusive"? I'm guessing it is safe because you
> have it in default.
>
> In shortport.port_or_service(3260, "iSCSI"), I think you want to use
> "iscsi" because that is the capitalization used in the nmap-services
> file.
>
> There's a call to nmap.new_try but the try object isn't used anywhere.
> Maybe it's left over from a previous version?
>
> I would remove "iSCSI Targets found" from the output. That will be clear
> enough because the script name will be printed.
>
> Please add an NSEDoc @usage section. It can be just like you have on
> your blog page.
>
> Thanks for writing the script! What software are you running on
> localhost that provides the iSCSI service? What kinds of devices is it
> likely to be found on?
>
> David Fifield
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
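
Added example (not part of the original message and not code from the NSE script discussed): a small audit of an iscsitarget configuration that lists targets exporting LUNs without CHAP, the condition the message asks administrators to check for. It assumes the ietd.conf layout (global section, then Target blocks with IncomingUser and Lun lines); the sample file, IQNs, user names and paths are constructed.

```python
# Constructed sample in the ietd.conf layout used by iscsitarget (IET);
# the IQNs, user names, secrets and paths are made up for this example.
SAMPLE_IETD_CONF = """\
# Global section: an IncomingUser here applies to discovery sessions
#IncomingUser discuser discsecret12

Target iqn.2009-10.com.example:storage.backup
    IncomingUser backupuser backupsecret1
    Lun 0 Path=/dev/vg0/backup,Type=fileio

Target iqn.2009-10.com.example:storage.scratch
    Lun 0 Path=/srv/iscsi/scratch.img,Type=fileio
    Lun 1 Path=/srv/iscsi/scratch2.img,Type=fileio
"""

def audit_ietd_conf(text):
    """Return (discovery_has_chap, [target records]) for an ietd.conf body."""
    discovery_chap = False
    targets = []
    current = None  # None while still in the global section
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        keyword = fields[0].lower()  # assumption: match keywords case-insensitively
        if keyword == "target" and len(fields) >= 2:
            current = {"name": fields[1], "chap": False, "luns": 0}
            targets.append(current)
        elif keyword == "incominguser" and len(fields) >= 3:
            if current is None:
                discovery_chap = True   # protects discovery sessions
            else:
                current["chap"] = True  # protects login to this target
        elif keyword == "lun" and current is not None:
            current["luns"] += 1
    return discovery_chap, targets

def unauthenticated_targets(text):
    """Names of targets that export at least one LUN without CHAP."""
    _, targets = audit_ietd_conf(text)
    return [t["name"] for t in targets if t["luns"] and not t["chap"]]

if __name__ == "__main__":
    disc, targets = audit_ietd_conf(SAMPLE_IETD_CONF)
    print("discovery CHAP:", "yes" if disc else "no")
    for t in targets:
        print(t["name"], "CHAP" if t["chap"] else "NO CHAP", "luns=%d" % t["luns"])
```

A target flagged here may still be restricted by initiator allow/deny lists, which this example does not read.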



