Nmap Development mailing list archives
[NSE] Dual-stack (IPv4/6) bug/feature?
From: John Bond <john.r.bond () gmail com>
Date: Wed, 6 Jun 2012 21:12:47 +0200
Hi List,

I have noticed an issue with scanning a host that is dual stacked, as in it has both an A and an AAAA record associated with the name. The issue occurs when a port is open on v4 but not v6. When nmap scans the host www.example.com, by default it will only scan A records (correct me if I'm wrong). However, when an NSE script using nsock passes the same hostname, the AAAA record is preferred. If the port is only open on v4 then the script will fail.

Here is the output from me running one of the hadoop scripts against a host which has the setup outlined above (real addresses/hostnames have been altered):
http://pastebin.com/eGPWiapd

I tried to trace this and I'm pretty sure it is in the nsock C code. Although I have to admit it was a while since I last looked at this, and when I dug into the C code I got a bit lost.

I'm not sure if this is a bug, or more precisely where the bug lies. However, I think a good fix would be to ensure nsock prefers A records unless nmap is run with the -6 flag.

It is difficult for me to test as I noticed the issue at work and I don't have an IPv6 prefix at home. That said, if you want me to send more information or try and find a simpler script which produces the same problem, let me know.

john
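The fix proposed in the message above (use the A record unless the scan runs with -6), sketched as an added example that is not part of the original post and is not nsock or Nmap code. The helper names are hypothetical, and the resolver answer is constructed from documentation addresses with the AAAA entry listed first.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* struct addrinfo under strict -std modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Unpinned (hypothetical helper): take whatever the resolver listed first. */
const struct addrinfo *pick_first(const struct addrinfo *list) { return list; }

/* Pinned: first entry whose family matches the family the scan used.
 * Returns NULL rather than silently falling back to the other family. */
const struct addrinfo *pick_family(const struct addrinfo *list, int scan_af) {
    for (const struct addrinfo *ai = list; ai != NULL; ai = ai->ai_next)
        if (ai->ai_family == scan_af) return ai;
    return NULL;
}

/* Constructed answer for a dual-stacked name: 2001:db8::1, then 192.0.2.1. */
static struct sockaddr_in6 sa6;
static struct sockaddr_in sa4;
static struct addrinfo ai6, ai4;
const struct addrinfo *sample_dual_stack(void) {
    memset(&sa6, 0, sizeof sa6); memset(&sa4, 0, sizeof sa4);
    memset(&ai6, 0, sizeof ai6); memset(&ai4, 0, sizeof ai4);
    sa6.sin6_family = AF_INET6; inet_pton(AF_INET6, "2001:db8::1", &sa6.sin6_addr);
    sa4.sin_family = AF_INET;   inet_pton(AF_INET, "192.0.2.1", &sa4.sin_addr);
    ai4.ai_family = AF_INET;  ai4.ai_addr = (struct sockaddr *)&sa4; ai4.ai_addrlen = sizeof sa4;
    ai6.ai_family = AF_INET6; ai6.ai_addr = (struct sockaddr *)&sa6; ai6.ai_addrlen = sizeof sa6;
    ai6.ai_next = &ai4;
    return &ai6;
}

/* Text form of the chosen address, or "(none)" when nothing matched. */
const char *addr_text(const struct addrinfo *ai, char *buf, size_t len) {
    if (ai == NULL) return "(none)";
    const void *src = (ai->ai_family == AF_INET)
        ? (const void *)&((const struct sockaddr_in *)ai->ai_addr)->sin_addr
        : (const void *)&((const struct sockaddr_in6 *)ai->ai_addr)->sin6_addr;
    return inet_ntop(ai->ai_family, src, buf, (socklen_t)len);
}

int main(void) {
    char buf[INET6_ADDRSTRLEN];
    const struct addrinfo *list = sample_dual_stack();
    printf("unpinned        : %s\n", addr_text(pick_first(list), buf, sizeof buf));
    printf("pinned, v4 scan : %s\n", addr_text(pick_family(list, AF_INET), buf, sizeof buf));
    return 0;
}
```

With the constructed answer, the unpinned choice is the IPv6 address even though the scan covered IPv4, which is the mismatch the message describes.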