Nmap Development
mailing list archives
Re: Nmap compliance with new RFC 3514
From: "James D. Levine" <levine () vinecorp com>
Date: Tue, 1 Apr 2003 00:33:44 -0800
[ More thoughts on RFC3514 compliance -- redirected from nmap-hackers
to nmap-dev. Side-note: Sometimes I seriously do consider a
robots.txt-like mechanism (obviously implemented very differently)
for allowing targets to specify how/whether they wish to be
probed. It is not on my near-term TODO though.
--Fyodor ]
This is a tough one. It seems to me that Nmap has always struck
the right balance between strict compliance and useful bending of
the rules. Nmap should default to a conservative,
fully-compliant setting, but allow full control for more
advanced, deliberate use.
For RFC 3514 this properly translates to default E=0 for -sT, and
E=1 for all other scan types. I'm for a command-line switch. A
--evil switch can override to force E=1 for all scan types. For
E=0 override there would be the complementary --good, or
--innocent (for strict compliance).
One can imagine --evil will be very welcome among the novice
hackers early in their careers, as they take those first hesitant
steps towards evil hacking.
It might be more useful to have pre-defined profiles, similar to
the existing timing switches (Paranoid, Sneaky, Polite, etc.):
  --evil            E=1 for all scans
  --good            E=0 for all scans
  --wanna-be-evil   E=1, forces -sT scan sequential ports/addresses
  --l337-h4X0r      E=0, forces IP range = www.asiankitty.com
  --evil-genius     E=n/a, nmap successfully predicts movements
                    in the stock market via a complicated
                    algorithm scanning Fortune 500 sites
I suggest those only as a first swipe at the problem.
I'm troubled by some of the deeper implications and
interpretations of an --evil switch, but will restrain myself
from further exploration, pending the many intelligent analyses
of the RFC forthcoming on this list and elsewhere.
James
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).