Nmap Development mailing list archives

Re: [NSE] New scripts vuze-dht-info, vuze-find-nodes
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 29 Nov 2011 21:00:44 +0100

On Tue, Nov 29, 2011 at 9:57 AM, Gorjan Petrovski <mogi57 () gmail com> wrote:

> Hey guys,
>
> Patrik, the library is so nice and clean. Wow!
>
> Firstly I would say that probing such a large range of ports is a bad
> idea for a service which is not that important (such as Vuze; feel
> free to disagree with me, I'd love to hear your opinion). Furthermore,
> it defies the rarity value of 8, as David once mentioned in one of the
> backorifice probe threads [1].

I've read the post and agree with you. I'm thinking of going with the
single lowest recommended port and setting rarity to 9.
There's always a way to force the script to run using the allports
parameter and hopefully using Martin's force patch soon anyway.

> I looked through the vuze dht specs and they're not as precise as the
> bittorrent ones. I need to mention that not all bittorrent peers were
> DHT nodes, but looking through the vuze docs intuitively I'd say that
> all vuze peers are vuze nodes, but this is not clear from the
>
> The bittorrent library/script was made as a method for discovery of
> bittorrent peers and bittorrent nodes. In fact the reason there isn't
> a bittorrent probe is because bittorrent too, like vuze, can run on a
> wide range of ports. So I'd suggest finding out the way that vuze
> gets its initial node IDs or IP:Ports.

One difference is that with the vuze-dht-info script I was hoping to
discover Vuze nodes on the LAN.
I guess this could still be done using the --version-all or force approach.

> By a rule of thumb randomizing the ID would be the way to generate it.
> I also think it's what the documentation says you should do. I presume
> that randomizing the node ID and making several requests with
> different IDs would get you different sets of nodes (in other words,
> more nodes, which is what you want), but only an experiment would
> confirm this because it is also not clear from the documentation.

When I tried this before against a single host, i.e. running
vuze-find-nodes multiple times against a single IP, all I got was the same
20 IPs.

> I didn't understand if you tried this, but once you get your 20 nodes,
> issuing FIND_NODE to each of them should get you more nodes. It all
> depends on whether they return nodes closest to them, closest to your
> ID, or closest to your IP. IP is worst, since they'll always return
> the same 20 nodes.

Currently the script only queries the one node and does not continue to
query any discovered ones.
I guess, if we would like to do this, we could add a script argument to
control whether to do so or not.

Thanks for your insight/help Gorjan!

> [1] http://seclists.org/nmap-dev/2011/q2/124

Patrik Karlsson
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
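As an added illustration (not code from this thread, from Nmap or from the NSE vuze library), the Python model below contrasts the two behaviours discussed above: a node that answers FIND_NODE with the nodes closest to itself returns the same 20 no matter how many random IDs you ask with, while issuing FIND_NODE to each discovered node in turn keeps growing the set. The DHT, routing tables and node IDs are constructed in memory; K=20 and 160-bit Kademlia-style IDs are assumptions chosen to match the "20 IPs" mentioned in the thread.

```python
import random
from typing import Dict, List, Set

K = 20         # nodes per FIND_NODE reply (the "20 IPs" seen in the thread)
ID_BITS = 160  # Kademlia-style 160-bit node IDs (assumption for this model)

def distance(a: int, b: int) -> int:
    """XOR distance between two node IDs (Kademlia metric)."""
    return a ^ b

def build_simulated_dht(n: int, table_size: int, seed: int = 1) -> Dict[int, List[int]]:
    """Constructed stand-in for a live DHT (not real Vuze data): n random node IDs,
    each holding a routing table of table_size randomly chosen other nodes."""
    rng = random.Random(seed)
    ids: Set[int] = set()
    while len(ids) < n:
        ids.add(rng.getrandbits(ID_BITS))
    ordered = sorted(ids)
    return {nid: rng.sample([x for x in ordered if x != nid], table_size) for nid in ordered}

def find_node(tables: Dict[int, List[int]], responder: int, target: int, mode: str) -> List[int]:
    """Model one FIND_NODE reply. mode='target': the K table entries closest to the
    requested ID. mode='self': the K entries closest to the responder's own ID, so
    the reply is identical whoever asks and however often."""
    ref = target if mode == "target" else responder
    return sorted(tables[responder], key=lambda nid: distance(nid, ref))[:K]

def repeated_single_query(tables, responder: int, rounds: int, mode: str, seed: int = 2) -> int:
    """Ask one node `rounds` times with a fresh random requester ID each time (the
    experiment proposed in the thread); return how many distinct nodes were learned."""
    rng = random.Random(seed)
    learned: Set[int] = set()
    for _ in range(rounds):
        learned.update(find_node(tables, responder, rng.getrandbits(ID_BITS), mode))
    return len(learned)

def crawl(tables, bootstrap: int, my_id: int, mode: str, max_queries: int = 50) -> Set[int]:
    """Iterative discovery: send FIND_NODE once to every node learned so far until
    nothing new appears or the query budget is spent. Returns all node IDs learned."""
    known, queue, queried = {bootstrap}, [bootstrap], 0
    while queue and queried < max_queries:
        node = queue.pop(0)
        queried += 1
        for nid in find_node(tables, node, my_id, mode):
            if nid not in known:
                known.add(nid)
                queue.append(nid)
    return known
```

Running `repeated_single_query` in "self" mode reproduces the "same 20 IPs" result, while `crawl` against the same bootstrap node shows what a script argument enabling follow-up queries would buy.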
