Nmap Development
mailing list archives
Nuff DNS Server (dnsd)
From: doug () hcsw org
Date: Mon, 9 Apr 2007 15:12:55 -0700
Hello everyone!
I have some bad news, some good news, and some better news.
In my nuff SoC proposal I suggested, among many other ideas, the
following nuff script:
* dnsd - A simple, extremely secure, caching DNS forwarder. dnsd
will also use an experimental based-on-historical-patterns DNS
pre-fetching algorithm which I am in the process of inventing.
This should outperform BIND in a number of common cases.
The bad news is that dnsd has to be removed from consideration in
my SoC proposals.
The good news is that this is because I already implemented it as
an assignment for a networking class. dnsd is a success! Nuff
was a convenient, powerful, concise language for creating a DNS
server and it allowed me to spend more time researching and less
time developing.
We (Doug Hoyte and HCSW Labs) invented a DNS prediction algorithm
that outperforms BIND and other conventional DNS resolvers in a number
of common cases. You can read about the algorithm and view the
BIND vs dnsd benchmark graphs in our whitepaper here:
http://hcsw.org/nuff/papers/dnsd/
and you can download nuff version 1.2.1 which includes the
dnsd script and documentation from the nuff website:
http://hcsw.org/nuff/
With nuff installed, reading the help for dnsd is done like so:
$ nuff -help dnsd
and launching a caching, predictive DNS forwarder is as easy as:
# nuff dnsd -daemon -predict
The better news is that I am releasing a few more ideas to replace
dnsd on the public idea-list:
* dhclient - This is a nuff implementation of a DHCP client.
Instead of configuring your system's IP stack with the
DHCP results, however, it will configure certain nuff data
structures. The idea is to be able to fake the presence of a host
on a network, with a custom MAC address on up through the other
network layers. This functionality will be very useful for other
nuff utilities that require complete control of an IP/MAC address
without your operating system filtering any outbound packets or
sending any undesired replies.
dhclient also has a DHCP stress-testing mode that attempts a denial
of service attack by occupying all the allocated DHCP slots on a
LAN and possibly muscling existing clients offline with ARP cache
poisoning tricks.
* qscan - This is a nuff implementation of my Qscan patch to
Nmap with some accuracy and speed improvements. Qscan uses
round-trip time measurements to infer the presence of packet
filtering devices like firewalls. Unlike other firewall discovery
methods like TTL discrepancies and ed3f-style checksum techniques,
hiding firewalls from qscan is difficult and inconvenient.
Qscan is available as a patch for an older version of Nmap here:
http://hcsw.org/nmap/nmap-4.20-qscan.patch
Qscan documentation:
http://hcsw.org/nmap/QSCAN
Clarification on some documentation:
http://seclists.org/nmap-dev/2006/q4/0296.html
http://seclists.org/nmap-dev/2006/q4/0300.html
* reordermon - A packet re-ordering monitor. In most cases,
packet queues on the internet use first-come first-serve
queuing techniques so that packets are received in the same
order that they are sent. When a certain type of packet is
replied to by a device different than the ultimate destination
host (like by a firewall that sends RSTs) then we can detect
it by looking for packet re-ordering. By sending 2 packets
in quick succession and looking for cases when we receive the
responses back out of order, reordermon can detect these types
of packet filters more efficiently and reliably than with qscan.
Defending against reordermon is probably even more difficult than
against qscan.
Best,
Doug
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
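As an added example (editor's code, not part of the post above and not nuff or Qscan code), the following script shows the detection logic behind the two firewall-discovery ideas described in the message: the RTT comparison that Qscan relies on, and the send-order versus receive-order check that reordermon proposes. It runs entirely offline over a constructed set of probe timings; the Probe class, the function names, the thresholds and every timestamp are assumptions made for illustration and do not come from the post or the whitepaper.

```python
"""Offline demonstration of RTT-based (Qscan-style) and reordering-based
(reordermon-style) packet-filter inference. All timings below are constructed
sample data; no packets are sent."""
from dataclasses import dataclass
from statistics import median
from typing import Iterable


@dataclass(frozen=True)
class Probe:
    """One probe and its reply. Times are seconds on a monotonic clock."""
    port: int
    sent: float
    received: float

    @property
    def rtt(self) -> float:
        return self.received - self.sent


def qscan_outliers(probes: Iterable[Probe], factor: float = 3.0) -> dict[int, str]:
    """Qscan idea: replies to most ports come from the target host, so their
    RTTs cluster. A port whose RTT sits far from that cluster was probably
    answered by another device (e.g. a firewall sending RSTs from closer in).
    The baseline is the median of per-port median RTTs and the spread is the
    median absolute deviation, so a few filtered ports do not skew it."""
    per_port: dict[int, list[float]] = {}
    for p in probes:
        per_port.setdefault(p.port, []).append(p.rtt)
    port_rtt = {port: median(r) for port, r in per_port.items()}
    baseline = median(port_rtt.values())
    mad = median([abs(r - baseline) for r in port_rtt.values()])
    # Assumed floor: 5% of the baseline, so near-identical RTTs do not make
    # the divisor collapse and flag harmless jitter.
    mad = max(mad, 0.05 * baseline)
    verdict = {}
    for port, r in port_rtt.items():
        dev = (r - baseline) / mad
        if dev < -factor:
            verdict[port] = "faster"      # likely answered before reaching the host
        elif dev > factor:
            verdict[port] = "slower"
        else:
            verdict[port] = "consistent"
    return verdict


def reorder_suspects(probes: Iterable[Probe], gap: float = 0.001) -> dict[int, int]:
    """reordermon idea: two probes sent back to back along one FIFO path should
    be answered in send order. If the later-sent probe's reply arrives first,
    something nearer than the host answered it. Only consecutive probes sent
    within `gap` seconds count as 'quick succession'. Returns, per port, how
    many times its reply jumped ahead of an earlier probe's reply."""
    ordered = sorted(probes, key=lambda p: p.sent)
    suspects: dict[int, int] = {}
    for a, b in zip(ordered, ordered[1:]):
        if b.sent - a.sent > gap:
            continue
        if b.received < a.received:
            suspects[b.port] = suspects.get(b.port, 0) + 1
    return suspects


# Constructed sample: host answers at roughly 20 ms; ports 25 and 3306 are
# answered by a hypothetical in-path filter at roughly 8 ms.
SAMPLE = [
    Probe(80,   0.0000, 0.0201),   # pair 1: host port, then filtered port
    Probe(25,   0.0002, 0.0083),   #   -> reply to 25 overtakes reply to 80
    Probe(443,  0.0500, 0.0704),   # pair 2: same pattern
    Probe(3306, 0.0502, 0.0585),
    Probe(22,   0.1000, 0.1198),   # pair 3: both from the host, in order
    Probe(80,   0.1002, 0.1205),
    Probe(25,   0.1500, 0.1582),   # pair 4: filtered port sent first, so no
    Probe(443,  0.1502, 0.1706),   #   reordering is visible; RTT still reveals it
    Probe(3306, 0.2000, 0.2084),   # pair 5: same as pair 4
    Probe(22,   0.2002, 0.2200),
]


def classify(probes: Iterable[Probe]) -> dict[int, dict]:
    """Combine both signals per port for a quick side-by-side view."""
    probes = list(probes)
    rtt = qscan_outliers(probes)
    reorder = reorder_suspects(probes)
    return {port: {"rtt": rtt[port], "reorders": reorder.get(port, 0)} for port in rtt}


if __name__ == "__main__":
    for port, info in sorted(classify(SAMPLE).items()):
        print(f"port {port:5d}: rtt={info['rtt']:<10} reorders={info['reorders']}")
```

Pairs 4 and 5 in the sample illustrate the ordering caveat: reordering only shows up when the filtered port is probed second, so a real reordermon would need to try both orders (or many pairs) per port, while the RTT test flags the port regardless of order. Real measurements also carry jitter, so several samples per port and a larger spread floor than the assumed 5% would be needed before trusting either verdict.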