mailing list archives
Re: NSEC Enumeration script
From: David Fifield <david () bamsoftware com>
Date: Mon, 28 Feb 2011 16:15:19 -0800
On Sat, Feb 26, 2011 at 01:11:34PM +0100, John Bond wrote:
On 26 February 2011 10:27, David Fifield <david () bamsoftware com> wrote:
also removed anything I was unsure was necessary, again with the goal of
having a simpler script. For example, I removed the special wildcard
detection because I wasn't having a problem without it and I suspected
it may have been necessary because of a bug elsewhere. It's possible I'm
wrong about this, so please test it with the environment that was giving
you trouble before.
I am still having problems with this, ill send you the domain im using
of list. once i have digested all your changes ill try adding a
better fix like i said in the comments the detection i added was only
a hack so i will try and adapt the dns library.
Thanks, I tried the domain you gave me and got an infinite loop on a
wildcard too. I edited the script to check for a NSEC record before
checking whether the query succeeded, and also made it use the
lower-level retPkt structures to get at the extra information we need.
It stopped the loop in this case, at least. Please give r22408 in
one miner thing i noticed in your comments you referenced the rfc for
domain labels but you missed one, not sure if this is the best text to
The symbolic name of the desired service, as defined in Assigned
Numbers [STD 2] or locally. An underscore (_) is prepended to
the service identifier to avoid collisions with DNS labels that
occur in nature.
Thanks, I just added that one.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/