Nmap Development mailing list archives
Re: dns-recursion.nse Server Status Opcode 2 where comes from?
From: David Fifield <david () bamsoftware com>
Date: Tue, 16 May 2017 08:21:11 -0700
On Tue, May 16, 2017 at 04:08:25PM +0300, Yuri Slobodyanyuk wrote:
Good day everyone, I am trying to understand in running this script why does nmap (v7.01) send on every target as 1st packet Server Status request (OPCODE 2 https:// www.ietf.org/rfc/rfc1035.txt) ? Running on the same system "dig" does not produce it. I am asking because some vendors started blocking scans on this packet (scanning the same IPs using dig does not get me blocked) and basically I'd love to disable this feature. Thanks cmd: nmap -sU -P0 -p 53 --script=dns-recursion 8.8.8.8
The Server Status request happens during the port scan. For some specific UDP ports, Nmap sends a packet containing a payload rather than an empty packet. The payloads are stored in the file nmap-payloads. If you want to disable the payload, use "--data-length 0". https://nmap.org/book/man-port-scanning-techniques.html https://nmap.org/book/nmap-payloads.html Here is the entry in nmap-payloads: # DNSStatusRequest udp 53 "\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00" _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- dns-recursion.nse Server Status Opcode 2 where comes from? Yuri Slobodyanyuk (May 16)
- Re: dns-recursion.nse Server Status Opcode 2 where comes from? David Fifield (May 16)
- Re: dns-recursion.nse Server Status Opcode 2 where comes from? Yuri Slobodyanyuk (May 16)
- Re: dns-recursion.nse Server Status Opcode 2 where comes from? David Fifield (May 16)