Nmap Development mailing list archives
Re: [Paper] New Idle Scan Techniques
From: Mathias Morbitzer <m.morbitzer () student ru nl>
Date: Tue, 28 May 2013 15:08:50 +0200 (CEST)
----- Original Message -----
From: "David Fifield" <david () bamsoftware com> To: "Mathias Morbitzer" <m.morbitzer () student ru nl> Cc: dev () nmap org Sent: Monday, 27 May, 2013 11:33:52 PM Subject: Re: Re: [Paper] New Idle Scan Techniques On Mon, May 27, 2013 at 11:24:55AM +0200, Mathias Morbitzer wrote:My name is Moe, I'm currently working on my thesis to finish my studies in computing security. In my work, I analyzed if the TCP Idle Scan can be ported from IPv4 to IPv6. To tell you the answer: With some modifications, yes, it can! An article and my final thesis with the details are planned to be published in summer/fall. But enough of the advertisement. After creating a proof of concept with scapy, I would like to implement the TCP Idle Scan in IPv6 in Nmap, but I have a hard time on deciding which implementation method to choose: Implementing it directly in the Nmap-core or creating a lua-script. For me, the more logical would be the core, but then I found this post from Henri in which he patched Nmap so that he can create the RST rate limit scan with NSE. (Which is somehow similar to the TCP Idle Scan in IPv6) Now, my question is: Which way of implementing my scan would you recommend?Writing in Lua and NSE is likely to be better for prototyping your idea. The infrastructure to allow NSE to set port states is not in place. But what you can do is make a hostrule script that does the idle scan and then displays the results as ordinary script output. David Fifield
I tried now to understand idle_scan.cc, and I discovered that a lot of the functionality that I need to implement for my scan already exists in there. In fact, to get my scan working, I mostly have to add some things, but I can use basically everything what is in there. Also, I already have a prototype for my scan, so now I would like to implement "the real thing". Therefore, I decided that I will try to extend the C++ code. Thanks for helping me making a decision. I hope I can soon provide a patch for the new idle_scan.cc. Further comments and ideas are welcome! Regards, Moe _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Re: [Paper] New Idle Scan Techniques Mathias Morbitzer (May 27)
- Re: Re: [Paper] New Idle Scan Techniques David Fifield (May 27)
- Re: [Paper] New Idle Scan Techniques Mathias Morbitzer (May 28)
- [PATCH] TCP Idle Scan in IPv6 Mathias Morbitzer (Jun 03)
- Re: [PATCH] TCP Idle Scan in IPv6 Paulino Calderon (Jun 03)
- Re: [PATCH] TCP Idle Scan in IPv6 Luis MartinGarcia (Jun 03)
- Re: [PATCH] TCP Idle Scan in IPv6 Mathias Morbitzer (Jun 03)
- Re: [PATCH] TCP Idle Scan in IPv6 David Fifield (Jun 29)
- Re: [PATCH] TCP Idle Scan in IPv6 David Fifield (Jun 29)
- Re: Re: [Paper] New Idle Scan Techniques David Fifield (May 27)