Nmap Development mailing list archives

SOCKS4A Implementation Issues - Request for Comments


From: Andrew Jason Farabee <afarabee () uci edu>
Date: Tue, 9 Jun 2015 03:59:39 -0700

Hello again,

Now that the socks4a proof of concept is working (
http://seclists.org/nmap-dev/2015/q2/231), there are several design issues
that could use community feedback and discussion before this project moves
forward.

1.  Currently the PoC doesn’t disrupt DNS resolution.  It uses existing
hostname variables from l_connect or handle_state_init_socks4a in order to
create packets for establishing a tunnel.  So far we have discussed
implementing a method for synchronous DNS resolution that would either pass
the sockaddr_storage or provide the target name for nsock_proxy_socks4a,
but we need some ideas about where this should be done.

2.  This is sort of in the same vein, but we need to prevent DNS resolution
of the targetname if a socks4a proxy is being used.

3.  We need to find a way of allowing port scanning through socks4a.
Depending on how we decide to handle this, it could require a lot of
additional changes.  If anyone has ideas on how we can solve this, it would
be very appreciated! Some of the options we discussed were:
  *  Fixing congestion control issues with d33tah’s nsock scanning engine
(nmap_nsock_scan) and implementing socks4a in that.
  *  Using Henri’s NSE interface patch for specifying how to scan ports.
  *  Bypassing port-scanning by allowing scripts, service-fingerprint, etc.
to assume that the port is open.

4.  We need to decide how to handle cases where socks4a proxies are listed
in a proxy chain that includes other proxy types.  For example, if a
socks4a proxy is supposed to create a tunnel to an http proxy, we need to
consider if/how to also prevent DNS resolution of the http proxy URI.  If
anyone knows of any other issues that could come up with adding socks4a to
proxy chains, please let me know.

5.  We need to decide how the socks4a will integrate with the current code
for socks4 and the general proxy code.

Please bring up any issues that aren’t in these categories as well in case
we missed them.  Hopefully I will be able to create a good amount of work for
myself by the time my classes end Wednesday!

Thanks,
Andrew Farabee
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
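For readers following items 1 and 2 above, here is an added example (not Andrew's PoC and not nsock's own code) of the wire format that makes SOCKS4a different from SOCKS4: the client sends DSTIP as 0.0.0.x (x nonzero) followed by a NUL-terminated hostname, and the proxy performs the DNS lookup. The builder below only uses the local resolver to test whether the target is already an IPv4 literal (inet_pton does no lookups); any real hostname is handed to the proxy unresolved, which is exactly the behaviour item 2 asks for. The user ID "nmap" and the hostnames in main() are constructed sample values.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

#define SOCKS4_VERSION          4
#define SOCKS4_CMD_CONNECT      1
#define SOCKS4_REPLY_VERSION    0
#define SOCKS4_REQUEST_GRANTED  90   /* CD in the reply: request granted */

/*
 * Build a SOCKS4/SOCKS4a CONNECT request into buf.
 *
 *   VN(1)=4 | CD(1)=1 | DSTPORT(2, network order) | DSTIP(4) | USERID NUL [| HOSTNAME NUL]
 *
 * If target is an IPv4 literal, a plain SOCKS4 request is produced (DSTIP = target,
 * no hostname field).  Otherwise DSTIP is set to 0.0.0.1, the SOCKS4a marker that
 * tells the proxy "resolve the hostname that follows yourself", and the name is
 * appended verbatim: the client never calls the resolver for it.
 *
 * Returns the number of bytes written, or -1 on a bad argument / too-small buffer.
 */
int socks4_build_connect(uint8_t *buf, size_t buflen,
                         const char *userid, const char *target, uint16_t port)
{
    struct in_addr addr;
    size_t ulen = strlen(userid);
    size_t tlen = strlen(target);
    int literal = (inet_pton(AF_INET, target, &addr) == 1);   /* no DNS involved */
    size_t need = 8 + ulen + 1 + (literal ? 0 : tlen + 1);

    if (tlen == 0 || tlen > 255 || need > buflen)
        return -1;

    buf[0] = SOCKS4_VERSION;
    buf[1] = SOCKS4_CMD_CONNECT;
    buf[2] = (uint8_t)(port >> 8);
    buf[3] = (uint8_t)(port & 0xff);

    if (literal) {
        memcpy(buf + 4, &addr.s_addr, 4);           /* already network byte order */
    } else {
        buf[4] = 0; buf[5] = 0; buf[6] = 0; buf[7] = 1;   /* 0.0.0.1: SOCKS4a marker */
    }
    memcpy(buf + 8, userid, ulen + 1);              /* includes the NUL terminator */
    if (!literal)
        memcpy(buf + 8 + ulen + 1, target, tlen + 1);

    return (int)need;
}

/*
 * Parse the fixed 8-byte SOCKS4 reply: VN(1)=0 | CD(1) | DSTPORT(2) | DSTIP(4).
 * Returns 1 if the proxy granted the request, 0 if it refused, -1 if malformed.
 */
int socks4_parse_reply(const uint8_t *buf, size_t len)
{
    if (len < 8 || buf[0] != SOCKS4_REPLY_VERSION)
        return -1;
    return buf[1] == SOCKS4_REQUEST_GRANTED ? 1 : 0;
}

static void hexdump(const uint8_t *p, int n)
{
    for (int i = 0; i < n; i++)
        printf("%02x%s", p[i], (i + 1) % 16 == 0 || i + 1 == n ? "\n" : " ");
}

int main(void)
{
    uint8_t req[300];
    /* Constructed sample targets: one hostname (SOCKS4a), one IPv4 literal (SOCKS4). */
    int n = socks4_build_connect(req, sizeof req, "nmap", "scanme.nmap.org", 80);
    printf("SOCKS4a request for scanme.nmap.org:80 (%d bytes):\n", n);
    hexdump(req, n);

    n = socks4_build_connect(req, sizeof req, "nmap", "10.0.0.1", 443);
    printf("SOCKS4 request for 10.0.0.1:443 (%d bytes):\n", n);
    hexdump(req, n);

    uint8_t granted[8] = { 0, 90, 0, 0, 0, 0, 0, 0 };   /* constructed proxy reply */
    printf("reply granted: %d\n", socks4_parse_reply(granted, sizeof granted));
    return 0;
}
```

The decision of which form to emit is made purely from the string the user typed, so a name like scanme.nmap.org reaches the proxy without any local lookup; the only remaining place a leak could happen is wherever the scanner itself resolves targets before the proxy code runs, which is the part of the design still under discussion in the thread.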