Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: ncat should try connecting to all resolved addresses, not only the first one
From: David Fifield <david () bamsoftware com>
Date: Tue, 10 Sep 2013 14:54:16 -0700

On Mon, Sep 02, 2013 at 12:26:24PM -0400, Jaromir Koncicky wrote:
I made a patch which adds this functionality: if one resolved address fails, next one is tried.
You can find it there: https://bugzilla.redhat.com/show_bug.cgi?id=978964#c6

I am not very familiar with the code, so I'd like to consult how to do
this better. I don't think the way I made it is ideal and would like
to make it more acceptable.

Thanks for the patch.

I agree with Thomas Hozza's comments at
https://bugzilla.redhat.com/show_bug.cgi?id=978964#c7.

You can't use global state in the resolver. What you will want to do is
store all the potential addresses of the target in ncat_main.c. Then in
ncat_connect, call nsock_connect_{tcp,ssl,sctp,udp} with the first
address. Then, in connect_handler, if the connection timed out, do
another nsock_connect_{tcp,ssl,sctp,udp} on the next address.

The changes aren't trivial, and I'm also not sure they are completely
specified--for example, what should happen if a port is closed on IPv6
but open on IPv4? Is "connection refused" the same as "timed out" for
the purposes of attempting to reconnect? Suppose it does, you have a
script that relies on this behavior--then what happens if someone
manages to open the IPv6 port and intercept your connection?

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault