Nmap Development mailing list archives

Re: Nmap SoC Ideas?


From: Fyodor <fyodor () insecure org>
Date: Sun, 14 Mar 2010 16:15:08 -0700

On Sun, Mar 14, 2010 at 12:29:38PM -0500, Kris Katterjohn wrote:

Yes, it would be great to finally have this.  I have another idea which isn't
totally dependent on this but would go with it quite nicely.  I don't
recall it being brought up before: remove the -6 option and allow mixed IPv4
and IPv6 scanning in one session.  Split host batches up between the two just
like is already done for directly-connected hosts and not.  Sure there is more
to it than that with all of o.af() stuff going on and with target parsing, but
you get the gist of it.  This would be awesome.

I think that could work well if we only specified IP/IPv6 addresses,
but it might be a bit problematic with hostnames.  If someone
specifies just "nmap www.kame.net", should Nmap look up and scan the A
record (203.178.141.194), the IPv6 (AAAA) record
(2001:200:0:8002:203:47ff:fea5:3085), or both?  Right now there is no
ambiguity since Nmap does IPv6 IFF -6 was specified.  But admittedly
it is annoying when I type a command like "nmap
2001:200:0:8002:203:47ff:fea5:3085" and then it fails because I forgot
-6.

Admittedly that is similar to the issue of hosts with multiple records
of the same type.  Like if you scan www.google.com, Nmap sort of punts
on the issue and says:

Hostname www.google.com resolves to 6 IPs. Only scanned 74.125.19.147

In that case, it might be nicer for Nmap to scan all 6 IPs.  But then
what if someone specified www.google.com/24?  Should Nmap scan 256*6
IPs?  Should it have to merge them to handle duplicates if some of the
6 fall in the same /24?  Also, that would mean that Nmap and the Nmap
user don't know how many hosts will be scanned from a command-line
until DNS queries are done.

I don't know what the best answers are for these issues ...

Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
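To make the two open questions above concrete (all records of a name vs. only the first, and what a /24 suffix means when a name has several A records in overlapping networks), here is an added Python sketch of a target expander; it is not Nmap's code, and the hostname, the DNS answers and the MAX_TARGETS limit are constructed for the example.

```python
import ipaddress
from itertools import chain

# Constructed stand-in for a resolver: one name with three A records
# (two in the same /24) and one AAAA record. Not real DNS data.
FAKE_DNS = {
    "www.example.test": {
        "A": ["198.51.100.10", "198.51.100.20", "203.0.113.5"],
        "AAAA": ["2001:db8::1"],
    },
}

# Hypothetical safety limit: refuse expansions such as a /24 applied to
# an IPv6 record (2**104 addresses) instead of silently starting them.
MAX_TARGETS = 1 << 16


def resolve(name, families=("A", "AAAA")):
    """Return every address of the requested record types, in answer order."""
    recs = FAKE_DNS.get(name, {})
    return list(chain.from_iterable(recs.get(f, []) for f in families))


def expand_target(spec, families=("A", "AAAA")):
    """Expand one Nmap-style spec ("host", "host/24", "ip", "ip/28") into a
    list of unique addresses. A literal address never needs a -6 switch; a
    hostname keeps all of its records; a prefix is applied to each record
    and overlapping networks are merged so no address is listed twice."""
    host, _, prefix = spec.partition("/")
    try:
        addrs = [ipaddress.ip_address(host)]          # literal IPv4 or IPv6
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolve(host, families)]
    if not prefix:
        return addrs
    # One network per record; a set collapses records that share a network.
    nets = {ipaddress.ip_network((a, int(prefix)), strict=False) for a in addrs}
    total = sum(n.num_addresses for n in nets)
    if total > MAX_TARGETS:
        raise ValueError(f"{spec} expands to {total} addresses; refusing")
    seen, out = set(), []
    for net in sorted(nets, key=lambda n: (n.version, int(n.network_address))):
        for ip in net:
            if ip not in seen:
                seen.add(ip)
                out.append(ip)
    return out
```

With the constructed answers, "www.example.test/24" over A records alone yields 512 addresses rather than 3*256, because two records fall in the same /24; including the AAAA record trips the limit, which is exactly the "how many hosts will be scanned" question the thread raises.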

