Nmap Development mailing list archives
Re: [NSE] New scripts vuze-dht-info, vuze-find-nodes
From: Gorjan Petrovski <mogi57 () gmail com>
Date: Tue, 29 Nov 2011 09:57:43 +0100
Hey guys, Patrik, the library is so nice and clean. Wow! Firstly I would say that probing such a large range of ports is a bad idea for a service which is not that important (such as Vuze; feel free to disagree with me, I'd love to hear your opinion). Furthermore, it defies the rarity value of 8, as David once mentioned in one of the backorifice probe threads [1]. I looked through the vuze dht specs and they're not as precise as the bittorent ones. I need to mention that not all bittorrent peers were DHT nodes, but looking through the vuze docs intuitively I'd say that all vuze peers are vuze nodes, but this is not clear from the documentation. The bittorrent library/script was made as a method for discovery of bittorrent peers and bittorrent nodes. In fact the reason there isn't a bittorrent probe is because bittorrent too, like vuze, can run on a wide range of ports. So I'd suggest finding out the way that vuze get's it's initial node ID's or IP:Port's. By a rule of thumb randomizing the ID would be the way to generate it. I also think it's what the documentation says you should do. I presume that randomizing the node ID and making several requests with different ID's would get you different sets of nodes (in other words, more nodes, which is what you want), but only an experiment would confirm this because it is also not clear from the documentation. I didn't understand if you tried this, but once you get your 20 nodes, issuing FIND_NODE to each of them should get you more nodes. It all depends on whether they return nodes closest to them, closest to your ID, or closest to your IP. IP is worst, since they'll always return the same 20 nodes. [1] http://seclists.org/nmap-dev/2011/q2/124 On Mon, Nov 28, 2011 at 3:24 PM, Patrik Karlsson <patrik () cqure net> wrote:
On Mon, Nov 28, 2011 at 3:07 PM, Toni Ruottu <toni.ruottu () iki fi> wrote:Gorjan, Do you have any idea how this is supposed to work? Did you consider adding support for vuze dht to the bittorrent library? Do you think it would make sense to add the support now, that we have a vuze library?To my best knowledge Vuze use their own DHT protocol which is not the same as the official Bittorrent protocol (Mainline). So I think keeping the libraries separate is probably best. If anyone can can provide any insight in whether it's not a good idea to randomize the node id the way I'm doing I'm interested. Also, any input on whether it's ok or very bad to have a wide port range of the vuze-dht probe is also welcome. //Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77
-- Gorjan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] New scripts vuze-dht-info, vuze-find-nodes Patrik Karlsson (Nov 27)
- Re: [NSE] New scripts vuze-dht-info, vuze-find-nodes Toni Ruottu (Nov 27)
- Re: [NSE] New scripts vuze-dht-info, vuze-find-nodes Patrik Karlsson (Nov 28)
- Re: [NSE] New scripts vuze-dht-info, vuze-find-nodes Toni Ruottu (Nov 28)
- Re: [NSE] New scripts vuze-dht-info, vuze-find-nodes Patrik Karlsson (Nov 28)
- Re: [NSE] New scripts vuze-dht-info, vuze-find-nodes Gorjan Petrovski (Nov 29)
- Re: [NSE] New scripts vuze-dht-info, vuze-find-nodes Patrik Karlsson (Nov 29)
- Re: [NSE] New scripts vuze-dht-info, vuze-find-nodes Patrik Karlsson (Nov 28)
- Re: [NSE] New scripts vuze-dht-info, vuze-find-nodes Toni Ruottu (Nov 27)