Nmap Development mailing list archives

Re: Feature request list all IP addresses of a host name


From: Ron <ron () skullsecurity net>
Date: Thu, 29 Apr 2010 10:34:09 -0500

On Thu, 29 Apr 2010 12:34:12 +0200 "Luis MartinGarcia."
<luis.mgarc () gmail com> wrote:
> So the thing is, how often a DNS query for a hostname
> returns different IPs that actually represent different physical
> hosts and how often those IPs belong to just one host?

I would suspect the answer is, not all that often if ever. I've seen cases where a machine has multiple interfaces with 
different domain names (we do that a lot), and I see a lot of cases where one domain name points to different physical 
(but similar or even identical) boxes, like Google. But I don't think I've ever seen a place where the same name on the 
same box has different addresses. That doesn't seem to make sense to me - please correct me if I'm wrong. 

It seems to me, the way Nmap currently works, you're missing potentially important data. If the same hostname points to 
multiple addresses, and the different addresses have different configurations, or one is compromised, then you're 
basically closing your eyes and taking a shot in the dark. The next time you scan the same address, you aren't 
necessarily scanning the same machine. In other words, the current method of only scanning the first IP address is 
likely missing things, and is also non-deterministic. 

I would personally advocate scanning all addresses (or the first x for a reasonable value of x (16?) with a warning if 
there are too many) by default, and giving options to scan one or all. I realize the issues with changing the output 
for sysadmins, but I think they'd rather go "holy crap, we have a Trojan on one of our 10 servers!?" than "hmm, looks 
fine to me!"

That's my 2 Canadian cents (in US currency, that's 1.99 cents). 

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
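The behaviour Ron argues for above (resolve a hostname to every address, scan them all, cap the list at a reasonable size with a warning) is easy to prototype outside of Nmap. The script below is an added example written for this archive page; it is not code from the thread or from the Nmap project. It expands a list of hostnames into a deduplicated list of addresses suitable for `nmap -iL`, using Python's `socket.getaddrinfo` for real lookups. The `fake_resolver` and the `CONSTRUCTED_DNS` table are made up so the example runs offline; `expand_targets` and its `limit` parameter are names chosen here, not anything Nmap exposes.

```python
import socket
from typing import Callable, Dict, Iterable, List, Tuple

Resolver = Callable[[str], Iterable[str]]


def system_resolver(hostname: str) -> List[str]:
    """Return every address (A and AAAA) the system resolver has for hostname.

    getaddrinfo can return one entry per socket type per address, so the
    caller deduplicates; this function just flattens the raw answers.
    """
    infos = socket.getaddrinfo(hostname, None, socket.AF_UNSPEC, socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


# Constructed data: a stand-in for DNS so the example runs with no network.
CONSTRUCTED_DNS: Dict[str, List[str]] = {
    # one name, two IPv4 answers (one repeated) and one IPv6 answer
    "www.example.test": ["192.0.2.10", "192.0.2.11", "192.0.2.10", "2001:db8::1"],
    # a load-balanced name with more addresses than we want to scan by default
    "big.example.test": ["192.0.2.%d" % i for i in range(1, 21)],
}


def fake_resolver(hostname: str) -> List[str]:
    """Constructed resolver that answers from CONSTRUCTED_DNS."""
    return CONSTRUCTED_DNS.get(hostname, [])


def expand_targets(
    hostnames: Iterable[str],
    limit: int = 16,
    resolver: Resolver = system_resolver,
) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Expand hostnames into (hostname, address) pairs.

    Every distinct address a name resolves to is kept, in resolver order,
    so that a box reachable only via the second or third answer is not
    silently skipped. Names with more than `limit` addresses are truncated
    and a warning is recorded, mirroring the "first x with a warning"
    behaviour proposed in the message above.
    """
    targets: List[Tuple[str, str]] = []
    warnings: List[str] = []
    for name in hostnames:
        unique: List[str] = []
        for addr in resolver(name):
            if addr not in unique:
                unique.append(addr)
        if len(unique) > limit:
            warnings.append(
                "%s resolves to %d addresses; scanning only the first %d"
                % (name, len(unique), limit)
            )
            unique = unique[:limit]
        targets.extend((name, addr) for addr in unique)
    return targets, warnings


def target_list(targets: Iterable[Tuple[str, str]]) -> str:
    """Render the addresses one per line, the format nmap -iL reads."""
    return "\n".join(addr for _, addr in targets)


if __name__ == "__main__":
    found, warns = expand_targets(CONSTRUCTED_DNS.keys(), limit=16, resolver=fake_resolver)
    for w in warns:
        print("WARNING:", w)
    print(target_list(found))
```

Feeding the printed list to `nmap -iL targets.txt` scans each address rather than only the first answer for each name; comparing the list between runs also makes it visible when a name has started resolving somewhere new, which is the non-determinism the message complains about.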

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
