Re: Re: [Paper] New Idle Scan Techniques

[David Fifield <david () bamsoftware com>]

On Mon, May 27, 2013 at 11:24:55AM +0200, Mathias Morbitzer wrote:
> My name is Moe, I'm currently working on my thesis to finish my
> studies in computing security. In my work, I analyzed if the TCP Idle
> Scan can be ported from IPv4 to IPv6. To tell you the answer: With
> some modifications, yes, it can! 
>
> An article and my final thesis with the details are planned to be
> published in summer/fall. 
>
> But enough of the advertisement. After creating a proof of concept
> with scapy, I would like to implement the TCP Idle Scan in IPv6 in
> Nmap, but I have a hard time on deciding which implementation method
> to choose: Implementing it directly in the Nmap-core or creating a
> lua-script. For me, the more logical would be the core, but then I
> found this post from Henri in which he patched Nmap so that he can
> create the RST rate limit scan with NSE. (Which is somehow similar to
> the TCP Idle Scan in IPv6) 
>
> Now, my question is: Which way of implementing my scan would you
> recommend?  

Writing in Lua and NSE is likely to be better for prototyping your idea.
The infrastructure to allow NSE to set port states is not in place. But
what you can do is make a hostrule script that does the idle scan and
then displays the results as ordinary script output.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/