Nmap Development mailing list archives

new script tcp-connect.nse


From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sun, 10 Jun 2012 15:12:32 +0300

  Hey folks,

I wrote a new script last week. It connects to a TCP service to make
sure the port is really reachable. There are a few use cases for this
script.
- The user runs a TCP SYN scan, and wants to separate oaks from
apples. Which open ports are really open, and which ones are merely
open in the firewall?
- The user runs a TCP connect scan against a firewall that sometimes
randomly fakes open ports. The second connect done by the script will
fail.
- The user scans a service which crashes after the scan reports it to
be open, and all other scripts fail to collect information from that
port.
- The user scans a load balancer where the initial scan accidentally
hits a server that has an open port that its siblings are lacking.

First I thought this script would be too heavy for the default
category as it runs against most services. However, it would typically
never produce output when other scripts do. If both this one and some
other script produce output, that is something the user might want to
know. Also, if the user is running a script scan, it must at least be
ok to do full connections to the ports, so I think it should be ok to
run this script if the user asks for both -sS and -sC. Finally, open
ports not being open sounds generally like a useful thing to know.

  Cheers, --Toni

Attachment: tcp-connect.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
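
The check described in the message, written as an NSE script: complete a full TCP handshake to each port the scan reported open, stay silent on success, and report only the ports where the connection fails. This is an added example, not the attached tcp-connect.nse; the `timeout` script argument and its 5000 ms default are assumptions.

```lua
local nmap = require "nmap"
local stdnse = require "stdnse"

description = [[
Opens a full TCP connection to every port the port scan reported as open
and reports the ports where that connection cannot be completed.
]]

-- Added example, not the script attached to the message above.
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- Run against every TCP port the scan marked open, whatever the service.
portrule = function(host, port)
  return port.protocol == "tcp" and port.state == "open"
end

action = function(host, port)
  -- Hypothetical script argument: <scriptname>.timeout, in milliseconds.
  local arg = stdnse.get_script_args(SCRIPT_NAME .. ".timeout")
  local timeout = tonumber(arg) or 5000

  local socket = nmap.new_socket()
  socket:set_timeout(timeout)

  -- connect() performs the full three-way handshake; a port that only
  -- answered the SYN probe (for example, a firewall replying on behalf of
  -- the host) fails or times out here.
  local ok, err = socket:connect(host, port)
  socket:close()

  if ok then
    -- Reachable: produce no output, so the script only shows up in the
    -- report for ports that need attention.
    return nil
  end

  return ("reported open, but TCP connect failed: %s"):format(tostring(err))
end
```

Because the script returns nothing when the connection succeeds, a port that shows both this script's output and another script's output is the inconsistent case the message calls out.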