Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: ncat should try connecting to all resolved addresses, not only the first one
From: Fyodor <fyodor () nmap org>
Date: Sun, 15 Dec 2013 23:06:18 -0800

On Sun, Dec 15, 2013 at 12:53 PM, Jacek Wielemborek <d33tah () gmail com>wrote:

15/12/2013 12:35:09 Fyodor <fyodor () nmap org>:

You only meant that you support integrating the "try out all the A records"
approach, not this "enforce -4 or -6" policy?

Yeah, I support the idea of trying other A/AAAA records and other protocols
for TCP connections if previous ones timed out or errored (including
connection refused error).  Of course if a user explicitly specifies -4 or
-6, then we should only use the specified protocol.  But we can still try
any other A/AAAA records if there are more than one.

Regarding warning a user about the chosen protocol when a user specifies
neither -4 nor -6 ... maybe we don't need the warning since users should
see the actual chosen address in verbose mode anyway:

$ ncat -v scanme.nmap.org 80
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]