Re: Raw IP NSE Functionality (Was Re: [NSE] Raw ethernet frame questions ...)

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/17/2010 07:16 PM, David Fifield wrote:
> I tested out the branch and the script, and it looks good when run along
> with OS detection.
>
> IP ID Sequence Generation: Randomized
> Host script results:
> |_ipidseq: Randomized [used port 22]
>
> I like the overall look and interface of the new functions.

Great!

> About Windows support: Have you (or anyone) tested raw sending to a
> non-Target? How are you testing this generally? If you have even just a
> short script snippet, that is fine.

I use ipidseq and just occasionally overwrite and hardcode to google.com:80
and use my router as the Nmap target (similar to kx's response):

local port = 80
host.bin_ip = packet.iptobin("74.125.65.105")

> I was thinking that the code should check for the option
> PACKET_SEND_ETH_STRONG and refuse to fall back to a raw socket in the
> case, but I can't find anywhere else where that is enforced.

Actually, I did this same thing.

> In the C-Lua functions, I recommend including the strerror and perhaps
> errno in error strings.

This sounds good.

> In the scripting.xml documentation, I think that the raw IP sending
> should be given primary coverage, with Ethernet sending mentioned at the
> end as an alternative for special situations (the opposite precedence
> that is there now). What do you think, and would you make that change if
> you agree?

Sure, this makes sense to me.

> The nmap.is_privileged function I have no objection to. All the above is
> fine with me. One thing deserves some further design discussion, which
> is the nmap.get_ports function. I think it would be better to wrap
> PortList::nextPort more directly, giving scripts one-at-a-time access to
> port tables (and avoiding creating a potentially large table of tables,
> most of which won't be used by many scripts). A script that needs the
> full port list can easily create it by doing just what your C function
> does, looping with nextPort. Scripts like ipidseq.nse that need just any
> old port wouldn't need to allocate as much memory.

OK, this is good too.  I'll give it a go.

> I think the ipidseq script is a great idea. I know it's something I've
> wanted before.

Awesome.

> David Fifield

Thanks!
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJLfK95AAoJEEQxgFs5kUfu5kkQAMhBdfDPkHjPQVXVpSYB5fns
IH8IyEN7c1pg06C6jz8aBUQLbfzZmDLorN1AUsdipTBmg6CrfSLuocgknvSrKbZ1
WDgVzevG+sazWB9ZIBcXyQgfLAz+fOdhdELfmERI0kzxz6qcQEeXmy9P92E+L6We
4e4G9tem68Mq/JhMYeB2a0E+jcB/tndWaf8RFCfgOBUVQIMQrQVqHcVmK0WkrV7o
8FXG5wpnbJCpmhB+Loox7gHMJAzYw0VI5MjDf8R/xiJrb2QQnvPmKz1rXrL8Hq2X
UikmGY8O9TWoW5C9FH7fLXHQXZGU/psiMPiy/14eyxmRhy8WmdnBOQ3jRwLlbOAd
pvzcDl2sglP5FXU5uRHFUO/TvLtb0n8FUKXR1m+RJNP27mfcuk4A7mr8vFbHewsL
faOY6Vh9iQ+OJu3FdBi/HSUd+h+cHTzEIU4sfa9SB3cwyEp0xNCzQbUj+MFGPO2D
HqCAhN5s9t5wIKOKuRCMIayNa2Fsj8fbyu1KRq9lJKbx3Tow+IVy3rd+7BO+9aYa
Rl9iGgXWCMfKy6o9K319XBUDeLxZAXctO3QP6aTsWYgMYYg5+bjqPmuczzeFuhhV
NxQNK2+NKXUDV/EG/DfYDbAsodNDSEicbxZKCxhJ/ZlmOiGvV5wLmMQoTcmEULeR
zy9v+csU2/jxOxIi/Z++
=6S1s
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/