Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: ncat should try connecting to all resolved addresses, not only the first one
From: Jaromir Koncicky <jkoncick () redhat com>
Date: Mon, 16 Dec 2013 11:16:34 -0500 (EST)

I'm really glad to see that you are going to review and eventually integrate the patch.
Just to remind, be sure that you use the newest patch where I eliminated the 'targetaddrs_allocated' variable and tried 
to add new tests for this feature: http://seclists.org/nmap-dev/2013/q4/269
Personally I think the patch should not cause any bugs/problems, but if you find anything like this, or if you have any 
ideas how to do something better etc, tell me.
Otherwise you can apply this patch as is.

Cheers,
Jaromir

----- Original Message -----
From: "Fyodor" <fyodor () nmap org>
To: "Jacek Wielemborek" <d33tah () gmail com>
Cc: "Nmap Development List" <dev () nmap org>
Sent: Monday, December 16, 2013 8:06:18 AM
Subject: Re: ncat should try connecting to all resolved addresses, not only     the first one

On Sun, Dec 15, 2013 at 12:53 PM, Jacek Wielemborek <d33tah () gmail com>wrote:

15/12/2013 12:35:09 Fyodor <fyodor () nmap org>:

You only meant that you support integrating the "try out all the A records"
approach, not this "enforce -4 or -6" policy?


Yeah, I support the idea of trying other A/AAAA records and other protocols
for TCP connections if previous ones timed out or errored (including
connection refused error).  Of course if a user explicitly specifies -4 or
-6, then we should only use the specified protocol.  But we can still try
any other A/AAAA records if there are more than one.

Regarding warning a user about the chosen protocol when a user specifies
neither -4 nor -6 ... maybe we don't need the warning since users should
see the actual chosen address in verbose mode anyway:

$ ncat -v scanme.nmap.org 80
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 74.207.244.221:80.

Cheers,
Fyodor
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]