Nmap Development mailing list archives

Re: dns-fuzz script is not working with example usage command
From: John Bond <john.r.bond () gmail com>
Date: Tue, 28 Jan 2014 14:34:19 +0100

Hi Fabian,

As you point out, DNS is required to work via both TCP and UDP,
although that's not always the case.  I think the best behaviour
for this script is to change the port rule to

portrule = shortport.port_or_service(53, "domain", {"tcp", "udp"})

As you proposed.  As to which protocol to use I think the ideal
behaviour would be
* If both protocols are open try UDP and fall back to TCP.
* If just one protocol is open use only that one.

It is not obvious to me why this script is switching between comm.exchange
and dns.query.  Either way, just patching the places where comm.exchange is
used will not solve the entire problem, as dns.query does not support TCP
and will always use UDP.  As far as I know, and having just taken a very
quick look, there is no TCP support in the dns.lua library.

A better option would be to patch dns.query and the corresponding
dns.sendPackets to support TCP queries as well.  Not sure how big a job
this will be, but I suspect it's not too difficult, as the NSE socket lib
would do most of the heavy lifting.  Although I suspect I'm missing
something, otherwise it would have already been implemented.

Looking over a few of the other dns-* scripts, including ones I
authored, they all suffer from the latter problem of always querying
by UDP.  As to the port rule, the ones I checked used:

portrule = shortport.port_or_service(53, "domain", {"tcp", "udp"})



P.S. Sorry if this is a double post; I originally sent from an account
which I don't think is subscribed.
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
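
An added example (not part of the original post, and not code from dns-fuzz, dns.lua or any Nmap library): a plain-Lua sketch of the behaviour proposed in the message above, trying UDP first and falling back to TCP, including the 2-byte length prefix that DNS over TCP requires (RFC 1035, section 4.2.2). All function names are hypothetical, "fall back" is assumed to mean "UDP returned no reply", and the network exchange is passed in as a callback so the block runs without Nmap.

```lua
-- Added example; every name below is hypothetical, not an NSE API.

-- Pick transports from the scanned port states: UDP first, then TCP.
-- open = { udp = boolean, tcp = boolean }
local function transport_order(open)
  local order = {}
  if open.udp then order[#order + 1] = "udp" end
  if open.tcp then order[#order + 1] = "tcp" end
  return order
end

-- DNS over TCP: each message carries a 2-byte big-endian length prefix.
local function frame_tcp(msg)
  assert(#msg <= 0xFFFF, "DNS message too large for TCP framing")
  return string.char(math.floor(#msg / 256), #msg % 256) .. msg
end

-- Return the first complete message in buf plus any leftover bytes,
-- or nil when the buffer does not yet hold a whole message.
local function unframe_tcp(buf)
  if #buf < 2 then return nil end
  local len = buf:byte(1) * 256 + buf:byte(2)
  if #buf < 2 + len then return nil end
  return buf:sub(3, 2 + len), buf:sub(3 + len)
end

-- exchange(proto, bytes) is supplied by the caller; it returns the raw
-- reply bytes, or nil when nothing came back on that transport.
local function query(msg, open, exchange)
  for _, proto in ipairs(transport_order(open)) do
    local wire = (proto == "tcp") and frame_tcp(msg) or msg
    local reply = exchange(proto, wire)
    if reply and proto == "tcp" then reply = unframe_tcp(reply) end
    if reply then return reply, proto end
  end
  return nil, "no transport answered"
end

-- Constructed input: header (ID 0x1234, RD set, QDCOUNT 1) + question ". A IN".
local q = "\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x01"
-- Constructed stand-in for the network: UDP gets no reply, TCP echoes.
local function fake_exchange(proto, bytes)
  if proto == "udp" then return nil end
  return bytes
end

local reply, proto = query(q, { udp = true, tcp = true }, fake_exchange)
assert(reply == q and proto == "tcp")                        -- fell back to TCP
assert(#transport_order({ udp = false, tcp = true }) == 1)   -- only TCP is tried
print("answered over " .. proto .. ", " .. #reply .. " bytes")
```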
