mailing list archives
Re: new script tcp-connect.nse
From: David Fifield <david () bamsoftware com>
Date: Tue, 19 Jun 2012 10:25:54 -0700
On Sun, Jun 10, 2012 at 03:12:32PM +0300, Toni Ruottu wrote:
I wrote a new script last week. It connects to a tcp service to make
sure the port is really reachable. There are a few use cases for this
- The user runs a TCP SYN scan, and wants to separate oaks from
apples. Which open ports are really open, and which ones are merely
open in the firewall?
- The user runs a TCP connect scan against a firewall that sometimes
randomly fakes open ports. The second connect done by the script will
- The user scans a service which crashes after the scan reports it to
be open, and all other scripts fail to connect information from that
- The user scans a load balancer where the initial scan accidentally
hits a server that has an open port that its siblings are lacking.
First I thought this script would be too heavy for the default
category as it runs against most services. However, it would typically
never produce output when other scripts do. If both this one and some
other script produces output, that is something the user might want to
know. Also, if the user is running a script scan, it must at least be
ok to do full connections to the ports, so I think it should be ok to
run this script if the user asks for both -sS and -sC. Finally, open
ports not being open sounds generally like a useful thing to know.
This is an interesting idea. I don't think that it should be default. If
I were going to do this, I think I would just use -sV --version-light.
The services that can't be connected to will be "tcpwrapped".
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/