Nmap Development mailing list archives

Re: GSoC : CPE , SCTP ,Update feed
From: David Fifield <david () bamsoftware com>
Date: Wed, 6 Apr 2011 13:37:18 -0700

On Sun, Apr 03, 2011 at 06:15:09PM +0530, ambarisha b wrote:
On Fri, Apr 1, 2011 at 11:16 AM, David Fifield <david () bamsoftware com> wrote:
One more idea I had in mind was adding SCTP support for NSE. But there
was mention of some problems being reported about the SCTP
functionality. First that has to be investigated.

I don't remember hearing of problems with SCTP in NSE? Can you remind me
what they were?

Maybe I was a bit unclear, I meant the normal -sY/-sZ scans. Have a
look at this discussion tagged in the
todo: http://seclists.org/nmap-dev/2009/q2/672. It might just be a
misconfiguration in the network. Still, it's worth a look. Presently, I
get all the ports filtered. Perhaps scanme.csnc.ch is now firewalled?

The idea is to add SCTP support for NSE. I was hoping to add
functionality to parse SCTP headers for packet module in NSE, to get a
clear idea of what would be involved as a mockup. What do you say?

I think that making socket:connect(host, port, "sctp") is a better thing
to do first. Raw packet parsing is necessary less often.

I also read about the update feed mechanism which, I think, is a
crucial feature. I have yet to study the update feed mechanisms of
Metasploit vs OpenVAS. I will try to make a draft of advantages of each
if needed. I will get back as soon as I have progress to report.

I looked at the thandy updater, but there was a little problem as
their demo link isn't working. I also came across this other framework
TUF written by the authors of the linked paper on attacks targeting
packet managers. It hasn't undergone much testing, but is worth a look. I
still need to research a bit more on this to write a concrete
proposal. Are we targeting a complete software updater or just the
databases and the scripts? Any particular inclinations or other
requirements? I guess it will also become easy to apply patches after
this, right?

Focus on a complete updater. A script-only updater would be
straightforward enough, but it has the problem of incompatible binaries.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

