Re: [RFC] Default NSE Scripts

[Fyodor <fyodor () insecure org>]

On Mon, May 12, 2008 at 01:02:24PM +0200, Daniel Roethlisberger wrote:
> Kris Katterjohn <katterjohn () gmail com> 2008-05-10:
> > jah wrote:
> > > On 09/05/2008 23:17, Kris Katterjohn wrote:
> > > > Default:
> > > >
> > > > * ripeQuery
> > > This is a safe script with regard to the target, but RIPE might think it
> > > less so.  Especially as it would query RIPE for every target regardless
> > > of whether the target is in RIPE's allocation.  I think it should stay
> > > in discovery.
> > This is a script I kept switching between the lists.  I think you may be
> > right in that it's not be default material.  Anybody else want to chime
> > in on this one?
>
> I think this script could rightly be perceived as abusive by RIPE.  I
> would not include this in the default set.

There is also the problem that it does the query for every IP scanned
even though many of them may belong in the same netblock.  For
example, when I scan 193.0.0.135, RIPE returns:

inetnum:        193.0.0.0 - 193.0.7.255

The script should save that information and not query for any more
hosts in that range.  We've discussed this with regard to the
whois.nse script (which might completely replace ripeQuery.nse).
Right now there are NSE concurrency limitations which make this
difficult to implement, but Patrick is working on a solution.

So I agree with the others that we should remove this from default for
now.  If it is fixed to be more efficient, we can add it again later.
Or if it is replaced by whois.nse or another script, we can remove it.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org