Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: ncat - proxy behavior / dns lookup / bug?
From: David Fifield <david () bamsoftware com>
Date: Fri, 15 Jun 2012 06:24:57 -0700

On Thu, Jun 14, 2012 at 06:25:24PM +0200, Florian Roth wrote:
Recently I carried out of an audit at a client's network in which I
tried to connect trough the clients proxy server (HTTP, HTTPS) to
another ncat instance running on a remote server.
Workstations in the clients internal network cannot resolve host names
located in the Internet. The internal DNS only resolves internal host
names. I though - wow, cool, ok, it's safer that way. But than I
noticed that ncat tries to resolve the DNS addresses given as
parameters and fails.

ncat --proxy proxy.company.net:8080 www.web.de 80
.. cannot resolve www.web.de ...

Therefore I tried this

ncat --nodns --proxy 10.1.1.250:8080 www.web.de 80
.. cannot resolve www.web.de ...

I tried to connect to the IP but the proxy was configured to deny all
requests made to IP addresses.

My final impression is that this is a bug, because ncat should not try
to resolve the host name to an IP address before sending the request
to the proxy server.
It should be the task of the proxy server to resolve the IP.

I agree that Ncat shoud use the proxy to resolve the name when possible.
According to my understanding, this is possible with SOCKS4a, SOCKS5,
and HTTP proxies, but not SOCKS4.

This would require some changes to the structure of the code, because if
I remember correctly, Ncat resolves the destination address shortly
after option parsing.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]