Nmap Development mailing list archives

Re: GSoC : CPE , SCTP ,Update feed

From: ambarisha b <b.ambarisha () gmail com>
Date: Sun, 3 Apr 2011 18:15:09 +0530

On Fri, Apr 1, 2011 at 11:16 AM, David Fifield <david () bamsoftware com> wrote:

One more idea I had in mind was adding SCTP support for NSE.But there
was mention of some problems being reported about the SCTP
functionality.First that has to be investigated.


I don't remember hearing of problems with SCTP in NSE? Can you remind me
what they were?


May be I was a bit unclear,I meant the normal -sY/-sZ scans.Have a
look at this discussion tagged in the
todo:http://seclists.org/nmap-dev/2009/q2/672.It might just be a
misconfiguration in the network.Still its worth a look.Presently, I
get all the ports filtered.Perhaps, scanme.csnc.ch is now firewalled ?

The idea is to add SCTP support for NSE.I was hoping to add
functionality to parse SCTP headers for packet module in NSE, to get a
clear idea of what would be involved as a mockup. What do you say ?

I also read about the update feed mechanism which ,I think, is a
crucial feature.I have yet to study the update feed mechanisms of
Metasploit vs OpenVAS.I will try to make a draft of advantages of each
if needed.I will get back as soon as I have progress to report.


I looked at the thandy updater, but there was a little problem as
their demo link isn't working.I also came across this other framework
TUF written by the authors of the linked paper on attacks targeting
packet managers.It hasn't undergone much testing,but is worth a look.I
still need to research a bit more on this to write a concrete
proposal.Are we targeting at a complete software updater or just the
databases and the scripts?Any particular inclinations or other
requirements?I guess, it will also become easy to apply patches after
this, right?

"ncat --sctp" is a good tool for setting up dummy servers for testing.

Yeah, that was what I had in mind.

Cheers
Ambarish
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: GSoC : CPE , SCTP ,Update feed ambarisha b (Apr 03)
- Re: GSoC : CPE , SCTP ,Update feed David Fifield (Apr 06)
- Re: GSoC : CPE , SCTP ,Update feed Daniel Roethlisberger (May 03)
  - Re: GSoC : CPE , SCTP ,Update feed David Fifield (May 03)
    - Re: GSoC : CPE , SCTP ,Update feed Daniel Roethlisberger (May 04)
    - scanme.roe.ch SCTP services over IPv6 (was: GSoC : CPE , SCTP , Update feed) Daniel Roethlisberger (May 04)
    - Re: scanme.roe.ch SCTP services over IPv6 (was: GSoC : CPE , SCTP , Update feed) David Fifield (May 04)