Nmap Development mailing list archives
Re: [NSE] ASN made more robust and documented - much more to do.
From: jah <jah () zadkiel plus com>
Date: Wed, 03 Sep 2008 22:02:44 +0100
On 03/09/2008 20:33, David Fifield wrote:
> You said a newer version of this script queries origin.asn.cymru.com
> and peer.asn.cymru.com instead of using nmap.asn.cymru.com. Can you
> explain more why that is? Team Cymru created the nmap domain in order
> to track load. If there's something wrong with what nmap returns maybe
> we can get them to change it.

The nmap zone returns multiples of two TXT answers and each pair of answers are what would be returned by queries for the origin and peer cymru zones. I observed that the answers returned for a query for the nmap zone weren't ordered, making it difficult to consistently detect which answer relates to the origin ASN and which to the peer ASN(s) in certain cases (such as multiple origin answers and peer answers containing a single ASN).

I was exploring the possibility of using the nmap zone and then, when it is difficult to determine which is the answer containing the origin ASN, sending a query for the origin zone to confirm. I decided that doing this was a lot of work for such a simple script and decided not to use the nmap zone.

Some possible ways that Team Cymru might help:

- Separate zones for origin and peer such as nmap.origin.asn.cymru.com and nmap.peer.asn.cymru.com.
- Definite ordering of the answers - ideally, alternating zone answers so that when a query returns multiple BGP prefixes we get answers grouped by BGP. We could however deal with answers grouped by zone.
- Labelling of the answers so the answer itself announces whether it's an origin or peer answer.

I was thinking that the best way to display the ASN information would be to combine the information for a given BGP prefix and reduce the redundancy of fields. So instead of:

    |  ASN: 4 records found.
    |  Origin ASN: 10565 | BGP: 64.13.128.0/18 | Country: US
    |  Origin ASN: 10565 | BGP: 64.13.128.0/21 | Country: US
    |  Peer ASN: 3561 6461 | BGP: 64.13.128.0/21 | Country: US
    |_ Peer ASN: 174 2914 6461 | BGP: 64.13.128.0/18 | Country: US

present this:

    |  ASN: 4 records found.
    |  BGP: 64.13.128.0/18 | Country: US
    |    Origin ASN: 10565
    |    Peer ASN: 174 2914 6461
    |_BGP: 64.13.128.0/21 | Country: US
    |    Origin ASN: 10565
    |    Peer ASN: 3561 6461

which looks much better (especially in cases where there are a lot of peer AS numbers). It would be cool if a single query to nmap.asn.cymru.com returned answers formatted like this!

I actually didn't post the version of asn.nse which isn't using the nmap zone - I sent it only to you (which wasn't my intention - it was early in the morning here) and is the version that uses the dns library.

Regards,

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
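
The grouping proposed in the message above, sketched in Lua as an added example (not code from asn.nse or from the thread). It assumes each answer has already been labelled origin or peer, for instance because it came from a separate origin or peer zone query; the record layout and the function names are hypothetical, and the sample values are constructed from the output shown in the message.

```lua
-- Added example: combine origin and peer answers per BGP prefix.
-- Constructed input, deliberately in no particular order.
local records = {
  { zone = "peer",   asn = "3561 6461",     bgp = "64.13.128.0/21", cc = "US" },
  { zone = "origin", asn = "10565",         bgp = "64.13.128.0/18", cc = "US" },
  { zone = "peer",   asn = "174 2914 6461", bgp = "64.13.128.0/18", cc = "US" },
  { zone = "origin", asn = "10565",         bgp = "64.13.128.0/21", cc = "US" },
}

-- Group answers by BGP prefix, independent of arrival order.
local function group_by_bgp(recs)
  local groups, order = {}, {}
  for _, r in ipairs(recs) do
    local g = groups[r.bgp]
    if not g then
      g = { bgp = r.bgp, cc = r.cc, origin = {}, peer = {} }
      groups[r.bgp] = g
      order[#order + 1] = r.bgp
    end
    -- r.zone must be "origin" or "peer"; an unlabelled answer cannot be
    -- placed, which is the problem described for the nmap zone.
    table.insert(g[r.zone], r.asn)
  end
  table.sort(order) -- stable display order for the prefixes
  return groups, order
end

-- Render one block per prefix, with Country stated once per prefix.
local function render(recs)
  local groups, order = group_by_bgp(recs)
  local out = { ("ASN: %d records found."):format(#recs) }
  for _, bgp in ipairs(order) do
    local g = groups[bgp]
    out[#out + 1] = ("BGP: %s | Country: %s"):format(g.bgp, g.cc)
    out[#out + 1] = "  Origin ASN: " .. table.concat(g.origin, ", ")
    out[#out + 1] = "  Peer ASN: " .. table.concat(g.peer, ", ")
  end
  return table.concat(out, "\n")
end

print(render(records))
```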