Nmap Development mailing list archives

Re: Andrew's Status Report - #8 of 17


From: Jacek Wielemborek <d33tah () gmail com>
Date: Tue, 23 Jun 2015 12:19:46 +0200

On 23.06.2015 at 08:20, Andrew Jason Farabee wrote:
> Accomplishments:
>  * Tested nmap-nseportscan-socks4a using NSE scripts on Tor hidden services.
>  * Wrote instructions to nmap-dev on how to use the current
> nmap-nseportscan-socks4a branch to scan and run scripts against Tor
> hidden services.
>  * Posted nmap-nseportscan-socks4a instructions to reddit and some IRC
> channels in order to solicit testing and feedback.

Another great report! :)

Hope you won't mind me linking to the reddit thread for future reference:

https://www.reddit.com/r/TOR/comments/3akruv/nmap_how_to_scan_tor_hidden_services/

29 upvotes in two days, nice! :) That's much more than 10% of the 228
upvotes that the most popular thread there has.

I just had a thought about speeding up connectscan.nse. The biggest
difference between -sT and -sK right now is the lack of congestion control.
CC is definitely the best way to increase the reliability of a stateful
scanner like Nmap on the Internet and traditional networks, but it might
be that Tor already uses some mechanism that we could adjust for, most
preferably in a separate script like connectscan-tor.nse.

Perhaps you could subscribe to tor-dev and ask them what's the best
approach when portscanning hidden services using SOCKS4a? I once read a
paper where the researchers modified the SOCKS4a proxy to get better
error detection, but I'd rather avoid that. Instead, my question is -
does Tor throttle connections if you make too many of them in a given
timeframe? If not, is there a specific number of connections that is
sane to establish at once, or does it depend on some factors? I know that
this might sound confusing, so if it's not clear to you, ask for
details, possibly off-list if you prefer.

Attachment: signature.asc
Description: OpenPGP digital signature
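The SOCKS4a exchange that the message above is asking about, as an added example that is not part of the original thread and not code from the nmap-nseportscan-socks4a branch or from Tor. It builds the SOCKS4a CONNECT request (hostname carried after the NUL-terminated user id, so the proxy resolves the .onion name), parses the 8-byte reply, and caps the number of proxy connections held open at once, which is the knob the message wonders about. The .onion name, the port list and the in-process fake proxy are constructed for the example; against a real Tor client you would point the proxy address at its SocksPort (9050 by default) instead of the fake server. Note the caveat visible in the reply codes: SOCKS4 only distinguishes "granted" (0x5A) from "rejected or failed" (0x5B), so a scanner behind the proxy cannot tell a closed port from a filtered one or from a failed circuit, which is the error-detection gap the message mentions.

```python
"""SOCKS4a connect scan with a concurrency cap (added example, not Nmap code)."""
import socket
import struct
import threading
from concurrent.futures import ThreadPoolExecutor

SOCKS4_VERSION = 4
CMD_CONNECT = 1
REPLY_GRANTED = 0x5A    # request granted: the proxy reached the target port
REPLY_REJECTED = 0x5B   # request rejected or failed: closed, filtered, or proxy failure


def build_socks4a_connect(host: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS4a CONNECT: VN, CD, DSTPORT, DSTIP=0.0.0.1 (an invalid IP marks the
    4a extension), USERID + NUL, then the hostname + NUL for the proxy to resolve."""
    header = struct.pack("!BBH4s", SOCKS4_VERSION, CMD_CONNECT, port, b"\x00\x00\x00\x01")
    return header + userid + b"\x00" + host.encode("ascii") + b"\x00"


def parse_socks4_reply(data: bytes) -> int:
    """The reply is 8 bytes: VN (always 0), CD, DSTPORT, DSTIP. Returns CD."""
    if len(data) != 8:
        raise ValueError("short or missing SOCKS4 reply")
    vn, cd, _port, _ip = struct.unpack("!BBH4s", data)
    if vn != 0:
        raise ValueError(f"unexpected reply version {vn}")
    return cd


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def socks4a_probe(proxy, host: str, port: int, timeout: float = 10.0) -> str:
    """One CONNECT through the proxy; the proxy's verdict is the port state."""
    try:
        with socket.create_connection(proxy, timeout=timeout) as s:
            s.sendall(build_socks4a_connect(host, port))
            cd = parse_socks4_reply(_recv_exact(s, 8))
    except (OSError, ValueError):
        return "error"
    if cd == REPLY_GRANTED:
        return "open"
    if cd == REPLY_REJECTED:
        return "closed|filtered"   # SOCKS4 cannot say which
    return "unknown"


def scan(proxy, host: str, ports, max_parallel: int = 8) -> dict:
    """max_parallel caps how many proxy connections are in flight at once;
    there is no congestion control here, only this fixed window."""
    with ThreadPoolExecutor(max_workers=max_parallel) as ex:
        return dict(zip(ports, ex.map(lambda p: socks4a_probe(proxy, host, p), ports)))


def start_fake_socks4a_server(open_ports):
    """Constructed stand-in for a SOCKS4a proxy: grants CONNECT to ports in
    open_ports, rejects the rest. Returns ((host, port), stop_event)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(64)
    srv.settimeout(0.2)
    stop = threading.Event()

    def handle(conn):
        with conn:
            data = b""
            # header is 8 bytes; after it come the userid NUL and the hostname NUL
            while len(data) < 8 or data[8:].count(b"\x00") < 2:
                chunk = conn.recv(512)
                if not chunk:
                    return
                data += chunk
            vn, cd, port, ip = struct.unpack("!BBH4s", data[:8])
            ok = vn == SOCKS4_VERSION and cd == CMD_CONNECT and port in open_ports
            conn.sendall(struct.pack("!BBH4s", 0, REPLY_GRANTED if ok else REPLY_REJECTED, port, ip))

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname(), stop


if __name__ == "__main__":
    addr, stop = start_fake_socks4a_server({22, 80})
    print(scan(addr, "exampleonionaddress.onion", [22, 80, 443, 8080], max_parallel=4))
    stop.set()
```

The fake proxy only answers the handshake and closes; a real proxy would keep relaying bytes after 0x5A, which is where an NSE script would then run against the service.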

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
