Re: Google/Nmap SoC 2009 Project Ideas?

[Daniel Roethlisberger <daniel () roe ch>]

Fyodor <fyodor () insecure org> 2009-03-09:
> Hi all.  Google just began taking applications for organizations to
> participate in the 2009 Summer of Code!  As you probably all know, the
> Nmap Project has benefited greatly from participating in that program
> for the past four years.  I even wrote a blog entry for them about it:
>
> http://google-opensource.blogspot.com/2008/11/nmaps-fourth-gsoc-success-stories-and.html
>
> One of the most important requirements of a successful SoC is coming up
> with a great "ideas page" which lists summer projects that students
> can apply for.  They can always come up with their own completely new
> ideas (and we encourage that sort of creativity), but most choose
> ideas from our list or at least start with one for inspiration.
>
> You can see our 2008 ideas page here:
>
> http://nmap.org/GoogleGrants.html
>
> So if anyone has an idea for Nmap (including Ndiff, Ncat, or Zenmap),
> please speak up!

Off the top of my hat:

o Full IPv6 support in every aspect of Nmap.  I am seeing IPv6 on
  the rise, already over 50% of my personal incoming email is
  received over IPv6!  The available v4 pool wont last much longer
  than perhaps three years.  Nmap should get ready for the future
  as well and implement comprehensive support for IPv6.

o SCTP based OS detection; would require the student to find practical
  differences in major SCTP stacks first, and then implement and test
  that.  Major hurdle to make this a success would be the required or
  at least desired access to as many proprietary SCTP stacks as
  possible.

o Efficient network topology mapping.  Give Nmap (or Zenmap or even a
  separate tool) a large network range or multiple ranges, and it will
  automatically and intelligently determine the network topology
  with a minimal number of probes / in minimal scan time, i.e. don't
  do a full traceroute on each and every IP address.  There are many
  ways to cut down the number of probes required versus the naïve
  approach, including making educated guesses at subnetting, and
  intelligently verify those using a minimal number of probes (think
  binary search through possible/likely subnet layouts).

> It does not have to be such a big project that it
> would take all summer--we usually sponsor several folks who focus on
> many smaller tasks instead.  I'd love to hear about any NSE scripts
> you'd find useful, Nmap enhancements which would make your job easier,
> etc.  This is your chance to dream up whatever would make Nmap better
> for you, and there is a chance we can get Google to pay for someone to
> actually implement it in code!
>
> You can also look at the Nmap TODO (nmap/docs/TODO in svn) for many
> ideas under consideration.  If you find something there you really
> like, let us know on the nmap-dev list and we'll be more likely to
> list it on the ideas page.  I plan to write the new ideas page in the
> next few days because applications are due to Google on Friday.
>
> Cheers,
> Fyodor

-- 
Daniel Roethlisberger
http://daniel.roe.ch/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org