Re: [PATCH]+[NSE Script] DNS open recursion (CVE-1999-0024)

[Diman Todorov <diman.todorov () chello at>]

Adding more binary data support to NSE is on my TODO list.

> - A references lua table for CVE, BID, YATID, OSVDBID might be
>   good. Full bug descriptions, like in nasl files, are redundant
>   information for most nmap hackers (;
I am not quite sure what you're talking about here :)

> - Filename naming guidelines
There are already some guidelines in the man page. I should probably
split the man page into more documents though. One of these should
definitely be coding guide lines. Documentation is currently top
priority on my TODO list.

> - NSE is a very cool feature, I really like it <:
I am glad :)

> - I am currently hacking fpdns.pl[2] to output its database and a NSE
>   script using the database
I have already had someone suggest to write an NSE script to muck about
in the nagios database. Perhaps this kind of scripts should be  
considered
in more detail.

> I must admit that I am not quite sure if this is wanted. On the one
>   hand -sV supports Nameserver version detection, but on the other the
>   fpdns detection is also very good. Unix tradition shows that many
>   good tools do a good job. I also do not want that nmap `eats` the
>   fpdns project or that NSE `eats` the nmap service detection.
>   Any advise?
NSE won't 'eat' -sV simply because -sV runs a lot faster than NSE. You
should use NSE only when the version detection features are not  
sufficient
for the task at hand.

> [1]
> http://groebert.org/felix/pub/nmap/nmap-4.20ALPHA4-NSE-bitops.patch
> http://groebert.org/felix/pub/nmap/dns-test-open-recursion.lua
> http://groebert.org/felix/pub/nmap/
I will have a look at this.

cheers
Diman



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org