Nmap Development mailing list archives

Re: dns-recursion.nse Server Status Opcode 2 where comes from?


From: David Fifield <david () bamsoftware com>
Date: Tue, 16 May 2017 08:21:11 -0700

On Tue, May 16, 2017 at 04:08:25PM +0300, Yuri Slobodyanyuk wrote:
> Good day everyone,
> I am trying to understand in running this script why does nmap (v7.01) send on
> every target as 1st packet Server Status request (OPCODE 2
> https://www.ietf.org/rfc/rfc1035.txt)? Running on the same system "dig" does not
> produce it.
> I am asking because some vendors started blocking scans on this packet
> (scanning the same IPs using dig does not get me blocked) and basically
> I'd love to disable this feature.
> Thanks
> cmd: nmap -sU -P0 -p 53 --script=dns-recursion 8.8.8.8

The Server Status request happens during the port scan. For some
specific UDP ports, Nmap sends a packet containing a payload rather than
an empty packet. The payloads are stored in the file nmap-payloads. If
you want to disable the payload, use "--data-length 0".

https://nmap.org/book/man-port-scanning-techniques.html
https://nmap.org/book/nmap-payloads.html

Here is the entry in nmap-payloads:

# DNSStatusRequest
udp 53 "\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00"
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
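
Decoding the nmap-payloads entry quoted in the message shows where opcode 2 comes from: the flags word 0x1000 carries opcode STATUS in a bare 12-byte header with no question. This is an added example, not part of the original message or of Nmap; `build_query` and `looks_like_status_probe` are hypothetical names, the comparison query is constructed, and the matching rule is an assumption about what a filter might key on.

```python
import struct

# The nmap-payloads entry for UDP 53 quoted in the message above.
NMAP_DNS_STATUS = b"\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00"

# Opcode values from RFC 1035 section 4.1.1 (plus NOTIFY and UPDATE).
OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}


def parse_header(data):
    """Decode the fixed 12-byte DNS header."""
    if len(data) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", data[:12])
    opcode = (flags >> 11) & 0xF  # bits 14..11 of the flags word
    return {
        "id": txid,
        "qr": flags >> 15,
        "opcode": opcode,
        "opcode_name": OPCODES.get(opcode, "UNASSIGNED"),
        "rd": (flags >> 8) & 1,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def build_query(name, txid=0x1234):
    """Constructed sample: a plain standard A query with RD set."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN


def looks_like_status_probe(data):
    """Heuristic (assumption): a bare header, opcode STATUS, no question."""
    try:
        h = parse_header(data)
    except ValueError:
        return False
    return len(data) == 12 and h["qr"] == 0 and h["opcode"] == 2 and h["qdcount"] == 0


if __name__ == "__main__":
    for label, pkt in (("nmap-payloads entry", NMAP_DNS_STATUS),
                       ("constructed standard query", build_query("example.com"))):
        h = parse_header(pkt)
        print(f"{label}: opcode={h['opcode']} ({h['opcode_name']}) "
              f"qdcount={h['qdcount']} status_probe={looks_like_status_probe(pkt)}")
```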
