mailing list archives
Re: ncat should try connecting to all resolved addresses, not only the first one
From: Fyodor <fyodor () nmap org>
Date: Sun, 15 Dec 2013 23:06:18 -0800
On Sun, Dec 15, 2013 at 12:53 PM, Jacek Wielemborek <d33tah () gmail com>wrote:
15/12/2013 12:35:09 Fyodor <fyodor () nmap org>:
You only meant that you support integrating the "try out all the A records"
approach, not this "enforce -4 or -6" policy?
Yeah, I support the idea of trying other A/AAAA records and other protocols
for TCP connections if previous ones timed out or errored (including
connection refused error). Of course if a user explicitly specifies -4 or
-6, then we should only use the specified protocol. But we can still try
any other A/AAAA records if there are more than one.
Regarding warning a user about the chosen protocol when a user specifies
neither -4 nor -6 ... maybe we don't need the warning since users should
see the actual chosen address in verbose mode anyway:
$ ncat -v scanme.nmap.org 80
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 18.104.22.168:80.
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/