Nmap Development mailing list archives
Re: DNS fuzzer'
From: David Fifield <david () bamsoftware com>
Date: Sat, 3 Apr 2010 14:00:57 -0600
On Sat, Apr 03, 2010 at 03:09:49AM -0400, Michael Pattrick wrote:
> On Fri, Apr 2, 2010 at 11:34 PM, David Fifield <david () bamsoftware com> wrote:
>> I have to apologize; looking at my Bash history I was running against
>> the wrong IP address. The one I ran against didn't have a DNS server
>> running. But the results are the same with the correct IP address.
>
> [snip]
>
> I'm actually surprised you got that far, I discovered a bug in the
> recursive only support after more thorough testing. I hate flooding the
> list with tiny increments of the same script, but this bug can cause
> crashes. With a few different DNS server configurations I see that it's
> probably best to keep the recursive option for now, at the very least
> it's the only way I can figure out how to guarantee that a DNS server
> will respond.
>
>> I did run into a problem with it. The detection wasn't working and I
>> had to set recursiveOnly to true manually. Then I had to change host to
>> host.ip and port to port.number in the call to dns.query. Here's how
>> it's working now with a timelimit of 10 seconds.
>>
>> Against the ISP nameserver:
>>
>> PORT   STATE SERVICE REASON
>> 53/udp open  domain  script-set
>> |_dns-fuzz-4: The server seems impervious to our assault.
>>
>> Against dproxy:
>>
>> PORT   STATE         SERVICE REASON
>> 53/udp open|filtered domain  no-response
>> |_dns-fuzz-4: Server didn't response to our probe, can't fuzz
>>
>> I want you to commit the script with one change. Just add a default
>> timelimit of 10 minutes if no script argument is given. Fyodor's right
>> that we should have a general-purpose function like unpwdb.timelimit.
>> We can tackle that problem separately after the script is committed.
>>
>> One other thing: would you add a short description of the fuzzer
>> category to scripting.xml? It's the part that corresponds to
>> http://nmap.org/book/nse-usage.html#nse-categories.
>
> Patch attached.
That looks good. You can commit it, except leave out the part that says
dns-fuzz is the only script in the category. It's to be hoped that we get
more of this type of script, and then it's one more thing to remember to
update.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/