Nmap Development mailing list archives

Re: [NSE] comm.lua setup_connect should connect to host.ip in preference to host.targetname


From: David Fifield <david () bamsoftware com>
Date: Mon, 5 Apr 2010 11:47:03 -0600

On Mon, Apr 05, 2010 at 12:42:03PM +0100, jah wrote:
> I've just run into a situation where comm.exchange connected to an IPv6
> address of a target for which the host name was specified on the
> command-line as part of an IPv4 scan.
> I've attached a patch, but I wonder: does anyone know of any good reason
> for comm.lua to do a socket.connect with host.targetname in preference
> to host.ip?
>
> I cannot think of a reason, but since comm.setup_connect has always done
> it this way, I thought I'd check before.

The patch looks completely correct to me. You can commit it. As it is
now, host.ip will always be available.

> Finally, I'm a bit rusty: there aren't any circumstances under which
> host.ip is not present in the host table, are there?

Not now. When proxy scanning is implemented, it could potentially be
possible to scan a host only knowing its hostname, relying on the proxy
to resolve the name. That may not happen, because the easier (less
anonymous) approach would be for Nmap to resolve the name and pass the
IP address to the proxy, plus not all proxy types support name
resolution. Using the proxy to resolve names is interesting, because
then you could use Nmap to port scan Tor .onion names.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
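As an added illustration (this is not the patch from the thread and not comm.lua's own code), the following NSE-style helper shows the behaviour the thread settles on: connect to host.ip, the address Nmap actually scanned, and fall back to host.targetname only if no address is present. The exchange function and the host table are constructed for this example; nmap.new_socket and the socket methods are the standard NSE API.

```lua
local nmap = require "nmap"

-- Choose what to pass to socket:connect(). host.ip is the address the
-- port table came from, so using it keeps the script on the same host
-- and the same address family (an IPv4 scan stays IPv4). Connecting by
-- host.targetname would re-resolve the name, which on a dual-stack host
-- can return a different address, e.g. an IPv6 one during an IPv4 scan.
-- host.targetname remains only as a fallback for a hypothetical case in
-- which no address is known (name resolution delegated to a proxy).
local function connect_target(host)
  if host.ip and host.ip ~= "" then
    return host.ip
  end
  return host.targetname
end

-- Constructed example of a script-side exchange (not comm.exchange):
-- send data to a port and return whatever comes back.
local function exchange(host, port, data, timeout)
  local socket = nmap.new_socket()
  socket:set_timeout(timeout or 5000)
  local ok, err = socket:connect(connect_target(host), port.number, port.protocol)
  if not ok then
    socket:close()
    return nil, err
  end
  ok, err = socket:send(data)
  if not ok then
    socket:close()
    return nil, err
  end
  local status, response = socket:receive()
  socket:close()
  if not status then
    return nil, response
  end
  return response
end

-- Constructed host table of the kind an IPv4 scan hands to a script when
-- the target was given by name: the name may also have an AAAA record,
-- but the helper never looks it up again.
local example_host = { ip = "192.0.2.10", targetname = "dual-stack.example" }
assert(connect_target(example_host) == "192.0.2.10")

return { connect_target = connect_target, exchange = exchange }
```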