RE: NSE / nsock library questions

["Thomas Buchanan" <TBuchanan () thecompassgrp net>]

> -----Original Message-----
> From: Eddie Bell [mailto:ejlbell () gmail com] 
> Sent: Thursday, May 22, 2008 4:06 PM
> To: Thomas Buchanan
> Cc: nmap-dev
> Subject: Re: NSE / nsock library questions
>
> I remember this coming up before,
>
> http://seclists.org/nmap-dev/2007/q2/0319.html
>
> As doug points out, it is possible but will play havoc with 
> the parallelization
>
> - eddie

Eddie,

Thanks for the pointer.  I can definitely see where multiple scripts
waiting to bind the same originating port could cause some serious
resource contention.  

I wonder, though, if it would make sense to implement a function that
creates outbound connections from so-called privileged ports, without
trying to specify what that port might be.  There are a still a number
of network services that just won't talk to clients from unprivileged
ports. 

Even if we restrict ourselves to the top half of the privileged port
range to avoid contention with common network services, we still have
over 500 ports to choose from.  Since NSE defaults to a limit of 10
concurrent connections, we shouldn't have to worry too much about
resource contention.  Perhaps something to think about, at least.

Anyway, I think for now I'll look at other options for my rsh-based
discovery script.

Thanks,

Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org