Nmap Development mailing list archives

Re: dns-fuzz script is not working with example usage command
From: John Bond <john.r.bond () gmail com>
Date: Tue, 11 Feb 2014 22:31:34 +0100

I forgot to say tcp is painfully slow

TCP
time ~/nmap/bin/nmap   -sS -p 53  --script dns-client-subnet-scan
--script-args dns-client-subnet-scan.domain='www.google.com'
216.239.34.10
Nmap done: 1 IP address (1 host up) scanned in 722.32 seconds
      722.33 real         0.86 user         0.35 sys

VS UDP
Nmap done: 1 IP address (1 host up) scanned in 15.13 seconds
       15.13 real         0.18 user         0.04 sys

That's 47x longer over TCP.  Even taking into account that we have to
establish a socket for each TCP connection, this still seems way too
long.  Not sure why, but it's worth mentioning.

john

On 11 February 2014 20:48, John Bond <john.r.bond () gmail com> wrote:
I think this addresses your comments.  I also added in checks so the
script doesn't run against the TCP port if UDP looks like it is open.
Let me know what you think.

On 11 February 2014 00:05, John Bond <john.r.bond () gmail com> wrote:
Fair point, Daniel. I'll take a look at dns-client-subnet later in the week.

On 10 February 2014 22:20, Daniel Miller <bonsaiviking () gmail com> wrote:
On 02/10/2014 02:55 PM, John Bond wrote:

There was a small bug when dealing with servers that time out.  I have
added a fix and also enabled tcp support for the dns-nsec-enum and
dns-client-subnet scripts


John,

Thanks for continuing to work on this. I see the utility of the fix to
dns.lua and dns-nsec-enum. I'm not sure about the patch to
dns-client-subnet-scan, though.

The script currently runs as a prerule and as a portrule script, requiring
the dns-client-subnet-scan.domain argument for the domain name to perform a
lookup on. For the portrule, your patch works. For the prerule case, it will
fail because the port argument to the action function is nil. There should
be a check for this in the script.

Additionally, the script should probably not run as a portrule when
dns-client-subnet-scan.nameserver script-arg is given, otherwise it will
continue to perform the same lookup against the same nameserver for every
port 53 that is discovered.

Dan

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
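An added sketch (not John's patch, nor the shipped dns-client-subnet-scan.nse) of how an NSE rule/action pair can carry the three checks raised in this thread: the prerule gets no port, the portrule stays off when the nameserver script-arg is given, and the TCP port is skipped when 53/udp on the same host already looks open. The script-arg names are the ones on the page; dns, nmap, shortport, stdnse and SCRIPT_TYPE are stock NSE APIs; the dtype/retAll options and the assumed UDP port 53 for the prerule are my choices.

```lua
-- Added illustration, not the dns-client-subnet-scan.nse shipped with Nmap.
local dns       = require "dns"
local nmap      = require "nmap"
local shortport = require "shortport"
local stdnse    = require "stdnse"

local ARG_DOMAIN = "dns-client-subnet-scan.domain"
local ARG_NS     = "dns-client-subnet-scan.nameserver"

-- Prerule: runs once before any host is scanned, so there is no port.
-- Only sensible when both the domain and an explicit nameserver are given.
prerule = function()
  return stdnse.get_script_args(ARG_DOMAIN) ~= nil
     and stdnse.get_script_args(ARG_NS) ~= nil
end

-- Portrule: per discovered port 53, but not when a nameserver was given
-- (that case is the prerule's; repeating it for every port 53 found would
-- run the same lookup against the same server again and again).
portrule = function(host, port)
  if stdnse.get_script_args(ARG_DOMAIN) == nil then return false end
  if stdnse.get_script_args(ARG_NS) ~= nil then return false end
  if not shortport.portnumber(53, {"udp", "tcp"})(host, port) then return false end
  -- Prefer UDP: skip the TCP port when 53/udp on this host looks open.
  if port.protocol == "tcp" then
    local udp = nmap.get_port_state(host, {number = 53, protocol = "udp"})
    if udp and (udp.state == "open" or udp.state == "open|filtered") then
      return false
    end
  end
  return true
end

action = function(host, port)
  local domain = stdnse.get_script_args(ARG_DOMAIN)
  local opts = { dtype = "A", retAll = true }
  if SCRIPT_TYPE == "prerule" then
    -- port is nil here: take the server from the script-arg (assumed UDP/53).
    opts.host, opts.port, opts.proto = stdnse.get_script_args(ARG_NS), 53, "udp"
  else
    opts.host, opts.port, opts.proto = host.ip, port.number, port.protocol
  end
  local status, answers = dns.query(domain, opts)
  if not status then
    return ("lookup of %s via %s %s/%d failed: %s"):format(
      domain, opts.host, opts.proto, opts.port, tostring(answers))
  end
  return ("%s -> %s"):format(domain, table.concat(answers, ", "))
end
```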
