Nmap Development mailing list archives
Re: [NSE] edns-client-subnet-00
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 16 Feb 2012 09:13:02 +0100
On Mon, Feb 13, 2012 at 10:43 PM, John Bond <john.r.bond () gmail com> wrote:
Hello nmap Hackers,

I have created a couple of scripts which implement http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-00. This is a draft IETF proposal, but it is backed by Google, Verisign and Neustar. At least Google has already implemented it on its authoritative nameservers.

I have written a blog post describing the scripts and their functions here: http://b4ldr.wordpress.com/2012/02/13/mapping-cdn-domains/. In a nutshell, it allows us to query CDN nameservers as if we were coming from different subnets. As an example, instead of getting 6 IP addresses for www.google.com, we get lots (see the end).

The two scripts require a patch to dns.lua. As the scripts themselves are a bit of a corner case and only useful against Google (to my knowledge), I can understand if they are not committed, but it would be nice if the patch to dns.lua is, so the scripts work out of the box.

cheers
John

nmap -sU -p 53 --script dns-client-subnet-scan --script-args dns-client-subnet-scan.domain=www.google.com ns1.google.com

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-02-13 21:19 CET
Nmap scan report for ns1.google.com (216.239.32.10)
Host is up (0.013s latency).
PORT   STATE         SERVICE
53/udp open|filtered domain
| dns-client-subnet-scan:
| [...]
Nmap done: 1 IP address (1 host up) scanned in 4.50 seconds
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Hi John,

Nice work! I will review the scripts and get back to you soon.

//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
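The draft discussed in this thread carries the querying client's subnet in an EDNS0 option. The following is an added example, not John's scripts or the dns.lua patch, that encodes and validates such an option. It assumes the field layout and IANA option code 8 later published in RFC 7871 (the draft's own option code is not given on this page), and the subnet used is a constructed sample.

```python
import ipaddress
import struct

# Assumption: IANA option code 8 (RFC 7871). The draft's own code is not on the page.
ECS_OPTION_CODE = 8
FAMILY_SIZE = {1: 4, 2: 16}  # address family -> full address length in bytes


def encode_ecs(subnet, option_code=ECS_OPTION_CODE):
    """Build one EDNS0 option (code, length, data) announcing a client subnet."""
    net = ipaddress.ip_network(subnet, strict=False)  # zeroes the host bits
    family = 1 if net.version == 4 else 2
    addr = net.network_address.packed[: (net.prefixlen + 7) // 8]
    data = struct.pack("!HBB", family, net.prefixlen, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", option_code, len(data)) + data


def decode_ecs(option):
    """Parse one client-subnet option; raise ValueError if it is malformed."""
    if len(option) < 8:
        raise ValueError("option shorter than its fixed fields")
    code, length, family, source, scope = struct.unpack("!HHHBB", option[:8])
    addr = option[8:]
    if length != 4 + len(addr):
        raise ValueError("OPTION-LENGTH does not match the data")
    size = FAMILY_SIZE.get(family)
    if size is None:
        raise ValueError("unknown address family")
    if source > size * 8 or len(addr) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix")
    ip = ipaddress.ip_address(addr + bytes(size - len(addr)))
    net = ipaddress.ip_network(f"{ip}/{source}", strict=False)
    if net.network_address != ip:
        raise ValueError("non-zero address bits beyond the source prefix")
    return {"code": code, "subnet": str(net), "scope": scope}


if __name__ == "__main__":
    wire = encode_ecs("192.0.2.77/24")  # constructed sample subnet
    print(wire.hex(), decode_ecs(wire))
```

Only the prefix bytes go on the wire, so a /24 costs three address octets; a decoder on the receiving side should reject options whose address carries bits beyond the stated prefix.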