Nmap Development mailing list archives

Re: Is QSCAN forgotten?


From: doug () hcsw org
Date: Wed, 11 Jul 2007 20:56:46 -0700

Hi Marek,

Thanks for asking about Qscan! No, it hasn't been forgotten,
just sidetracked. I plan on writing a nuff script called qscan
for the next-generation. I'm thinking its use will be something
like this:

nuff qscan -p 22,80 target.com

I have many ideas for algorithm improvements. In particular,
I think taking the median rtt value to be the mean for each
target in the student t-test will improve accuracy and scanning
speed a great deal.

As a related topic, I also plan on writing a nuff utility
"reordermon" that attempts to detect packet filters like Qscan
does but looks for packet reordering anomalies. The idea being
that when the same TCP handles all responses they will probably
be processed and replied to in-order, but if other devices are
falsifying responses then the order of delivery can change.
I'm still not sure if reordermon will work but the theory
seems pretty strong!

As for implementing Qscan in NSE, it is certainly possible.
The biggest problem is, of course, that pcap and raw sockets
need to be added to NSE. This problem might already be solved
thanks to your patch!

But there are a few other problems that might come up. For
instance, Qscan wants to be given a set of ports to run
the scan against but NSE is designed to have one script
per port.

Best,

Doug


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
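
The median-for-mean idea from the message above, as an added example that is not part of the original post and is not Qscan's code: a pooled Student's t statistic over constructed RTT samples, computed once around the mean and once around the median. The sample values, port 8080, the function names, the 5% threshold and the reading of "median as the mean" are assumptions of this example.

```python
import math
import statistics

# Constructed RTT samples in ms (10 probes per port), not measured data.
# PORT_22 has 4 probes delayed by about 40 ms; PORT_80 is clean; PORT_8080
# (a port added for this example) answers about 5 ms slower on every probe.
PORT_22 = [50.1, 49.8, 90.3, 50.4, 89.7, 49.9, 50.2, 91.0, 50.0, 90.5]
PORT_80 = [50.0, 50.3, 49.7, 50.2, 49.9, 50.1, 50.4, 49.8, 50.0, 50.2]
PORT_8080 = [55.1, 54.9, 55.3, 55.0, 54.8, 55.2, 55.1, 54.7, 55.0, 55.2]

# Two-sided 5% critical value of Student's t for 10 + 10 - 2 = 18 degrees
# of freedom.
T_CRIT_18 = 2.101


def t_statistic(a, b, center=statistics.mean):
    """Pooled two-sample t statistic with a pluggable location estimate.

    center=statistics.mean is the textbook test; center=statistics.median
    is this example's reading of "median as the mean". Spread is taken
    around whichever center is used.
    """
    ca, cb = center(a), center(b)
    ss_a = sum((x - ca) ** 2 for x in a)
    ss_b = sum((x - cb) ** 2 for x in b)
    pooled_var = (ss_a + ss_b) / (len(a) + len(b) - 2)
    std_err = math.sqrt(pooled_var * (1 / len(a) + 1 / len(b)))
    return (ca - cb) / std_err


def rtts_differ(a, b, center=statistics.mean, critical=T_CRIT_18):
    """True when the two ports' RTTs differ at the chosen significance."""
    return abs(t_statistic(a, b, center)) > critical


if __name__ == "__main__":
    for name, center in (("mean", statistics.mean),
                         ("median", statistics.median)):
        print(name,
              "22 vs 80:", rtts_differ(PORT_22, PORT_80, center),
              "8080 vs 80:", rtts_differ(PORT_8080, PORT_80, center))
```

With these samples the mean-centered test reports ports 22 and 80 as different because of the four delayed probes, while the median-centered test does not; both still separate port 8080 from port 80.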