Nmap Development mailing list archives

[NSE] Dual-stack (IPv4/6) bug/feature?


From: John Bond <john.r.bond () gmail com>
Date: Wed, 6 Jun 2012 21:12:47 +0200

Hi List,

I have noticed an issue with scanning a host that is dual-stacked, as in
it has both an A and an AAAA record associated with the name.  The issue
occurs when a port is open on v4 but not v6.  When nmap scans the host
www.example.com, by default it will only scan A records (correct me if I'm
wrong).  However, when an NSE script using nsock passes the same
hostname, the AAAA record is preferred.  If the port is only open on
v4, then the script will fail.

Here is the output from me running one of the Hadoop scripts
against a host which has the setup outlined above (real
addresses/hostnames have been altered): http://pastebin.com/eGPWiapd

I tried to trace this and I'm pretty sure it is in the nsock C code,
although I have to admit it was a while since I last looked at this,
and when I dug into the C code I got a bit lost.  I'm not sure if this
is a bug or, more precisely, where the bug lies.  However, I think a good
fix would be to ensure nsock prefers A records unless nmap is run with
the -6 flag.

It is difficult for me to test as I noticed the issue at work and I
don't have an IPv6 prefix at home.  That said, if you want me to send
more information or try and find a simpler script which produces the
same problem, let me know.

John
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
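The family mismatch described in the message above can be sidestepped from the script side: NSE hands every script the address Nmap actually probed (host.ip), so a script that connects to that address instead of re-passing the hostname stays in the scan's address family. The script below is an added example written for this page; it is not John's code, not one of the Hadoop scripts from the thread, and not part of Nmap's own script collection. It assumes (an assumption, since the pastebin is not on the page) that the failing scripts pass host.targetname to nsock, and it uses only documented NSE library calls (nmap.new_socket, socket:connect, nmap.address_family, host.ip, host.targetname).

```lua
-- dualstack-demo.nse: added example for the dual-stack report above.
-- Not from the thread and not part of Nmap's script collection.
-- Assumption: the failing scripts hand the hostname (host.targetname)
-- to nsock; this script hands it the address Nmap already scanned.
local nmap = require "nmap"

description = [[
Connects to the scanned port using host.ip, the address Nmap actually
probed, so the NSE socket stays in the same address family as the scan
instead of re-resolving the name and possibly landing on an AAAA record.
]]

author = "added example (not from the thread)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- Run on any open TCP port so the behaviour can be checked against a
-- dual-stacked name, e.g.:
--   nmap -p 80 --script dualstack-demo www.example.com
--   nmap -6 -p 80 --script dualstack-demo www.example.com
portrule = function(host, port)
  return port.protocol == "tcp" and port.state == "open"
end

action = function(host, port)
  local lines = {}
  -- nmap.address_family() reports "inet" or "inet6" for the current scan,
  -- i.e. whether -6 was given.
  lines[#lines + 1] = "scan family: " .. nmap.address_family()
  lines[#lines + 1] = "scanned address (host.ip): " .. host.ip
  lines[#lines + 1] = "target name (host.targetname): "
    .. (host.targetname or "(none, target given as an IP)")

  local socket = nmap.new_socket()
  socket:set_timeout(5000)

  -- Connect to host.ip, not host.targetname. Passing the name would make
  -- nsock resolve it again, and on a dual-stacked name that second
  -- resolution is what the report above says prefers the AAAA record,
  -- even though the port was found open on the A record.
  local status, err = socket:connect(host.ip, port.number, "tcp")
  if not status then
    lines[#lines + 1] = "connect via host.ip failed: " .. tostring(err)
    return table.concat(lines, "\n")
  end
  lines[#lines + 1] = "connect via host.ip: ok (same family as the scan)"
  socket:close()
  return table.concat(lines, "\n")
end
```

Running it once without and once with -6 against a name that has both records shows the two families separately; the scan family and host.ip reported in the output should always agree, whereas a script that passed host.targetname to socket:connect could end up on the other family. This is a per-script workaround, not a fix for the nsock preference John asks about.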