Nmap Development mailing list archives
Re: ncat - proxy behavior / dns lookup / bug?
From: David Fifield <david () bamsoftware com>
Date: Fri, 15 Jun 2012 06:24:57 -0700
On Thu, Jun 14, 2012 at 06:25:24PM +0200, Florian Roth wrote:
> Recently I carried out an audit at a client's network in which I tried to connect through the client's proxy server (HTTP, HTTPS) to another ncat instance running on a remote server. Workstations in the client's internal network cannot resolve host names located in the Internet. The internal DNS only resolves internal host names. I thought - wow, cool, ok, it's safer that way. But then I noticed that ncat tries to resolve the DNS addresses given as parameters and fails.
>
> ncat --proxy proxy.company.net:8080 www.web.de 80
> .. cannot resolve www.web.de ...
>
> Therefore I tried this
>
> ncat --nodns --proxy 10.1.1.250:8080 www.web.de 80
> .. cannot resolve www.web.de ...
>
> I tried to connect to the IP but the proxy was configured to deny all requests made to IP addresses.
>
> My final impression is that this is a bug, because ncat should not try to resolve the host name to an IP address before sending the request to the proxy server. It should be the task of the proxy server to resolve the IP.

I agree that Ncat should use the proxy to resolve the name when possible. According to my understanding, this is possible with SOCKS4a, SOCKS5, and HTTP proxies, but not SOCKS4. This would require some changes to the structure of the code, because if I remember correctly, Ncat resolves the destination address shortly after option parsing.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
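
Added example, not part of the thread and not Ncat's code: the connect request each proxy type named in the reply would receive, built without any local DNS lookup, showing where the host name travels and why plain SOCKS4 cannot carry one. The function names are hypothetical; www.web.de and port 80 are taken from the quoted report.

```python
import ipaddress
import struct


def http_connect(host, port):
    # HTTP CONNECT names the target as text, so the proxy resolves the name.
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode("ascii")


def socks4_connect(host, port, userid=b""):
    # SOCKS4 has only a 4-byte DSTIP field; a host name cannot be expressed.
    ip = ipaddress.IPv4Address(host)  # raises ValueError when given a name
    return struct.pack(">BBH", 4, 1, port) + ip.packed + userid + b"\x00"


def socks4a_connect(host, port, userid=b""):
    # SOCKS4a: DSTIP 0.0.0.x (x != 0) means "host name follows the USERID".
    return (struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01"
            + userid + b"\x00" + host.encode("ascii") + b"\x00")


def socks5_connect(host, port):
    # SOCKS5 CONNECT (sent after method negotiation): ATYP 0x03 = domain name,
    # encoded as one length byte followed by the name.
    name = host.encode("ascii")
    if len(name) > 255:
        raise ValueError("host name too long for SOCKS5")
    return struct.pack(">BBBBB", 5, 1, 0, 3, len(name)) + name + struct.pack(">H", port)


REQUEST_BUILDERS = {
    "http": http_connect,
    "socks4": socks4_connect,
    "socks4a": socks4a_connect,
    "socks5": socks5_connect,
}


def proxy_resolvable(host, port):
    """Report which proxy types can be handed `host` without resolving it locally."""
    result = {}
    for proto, build in REQUEST_BUILDERS.items():
        try:
            build(host, port)
            result[proto] = True
        except ValueError:
            result[proto] = False
    return result


if __name__ == "__main__":
    print(proxy_resolvable("www.web.de", 80))
```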