On Thu, Mar 17, 2011 at 10:54:44PM +0100, John Bond wrote:
On 17 March 2011 21:53, John Bond <john.r.bond () gmail com> wrote:
On 17 March 2011 21:26, David Fifield <david () bamsoftware com> wrote:
Okay, that's good. But let's not worry about these until after the
dns-nsec-enum script is merged; we have no use for NSEC3 at the moment.
yes i agree however just keep in mind that the current nsec3 stuff i
have submitted doesn't work and im not sure how easy it would be to
remove it without breaking the nsec script
also i am making some progress with the nsec3 script :)
Ok i have a very early nsec3 enumeration script. at the moment you
will have to run it in debug. Also it will never end in fact thats
one reason i wanted to post so early because i dont know what to do
You don't run forever--run until every hash value is accounted for.
Guess a name, and suppose that an NSEC3 comes back with values 246e6bbc
and 27fb6080. Now you know that 246e6bbc and 27fb6080 exist, and nothing
between them does. So now you guess more names until you end up in the
range 0-246e6bbb or 27fb6081-ffffffff, then make your query. Just keep
track of the ranges that you are missing until there are none left. If
you do the hashing locally, you can avoid sending a query when its hash
falls in a range you already know.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/