Nmap Development mailing list archives

Re: general scanning engine - request for comments :)


From: Fyodor <fyodor () insecure org>
Date: Sat, 15 Jul 2006 15:33:31 -0700

On Sat, Jul 15, 2006 at 01:24:45AM +0200, majek04 wrote:

> Woops. My mistake. Now, by saying connect() I mean what nsock does :)
> Doesn't nsock support UDP?

Yes, it does.  Version detection uses nsock for UDP.  I thought you
were referring to -sT scans.

> Probably it wouldn't become the default implementation.
> But when we implement this we could separate
> our engines: a proxy engine that doesn't need root,
> and ultra_scan, which needs privileges.

Yeah, we can definitely evaluate which connect-scan implementation is
best as the default if we end up with two of them.

> > If you find an elegant way to handle this, go for it.  Otherwise, I
> > think keeping forward DNS resolution as is for now is OK.  But I can
> > definitely see us possibly wanting to add remote host DNS in the
> > future, so do try to keep that in mind.  We may want to give a privacy
> > warning message if the user DOESN'T specify -n.
> What I would need is doing forward DNS queries at the last moment,
> just before the IP number is needed.

Yeah.  That would be a big change that may not be worthwhile unless
you find an elegant way to do it.  I don't want to spread DNS
resolution all over the code base.  We don't have to support all the
corner cases (NTLM authentication is one example that we probably
don't need at first).  There will always be a need for more
specialized tools (maybe even Nmap+LUA) that people can use for those
corner cases.  We just need to solve the most common problems in an
efficient and easy to use way.  It should also be extensible so we can
add new technology when it sprouts up anew, or if previous corner
cases like IPv6 become mainstream.

> > Maybe they can just use -P0.  I tend to think another warning message
> > is warranted here if they use proxy scan but don't specify -P0.
> I think by default -P0 should be assumed when doing proxy scanning.
> But maybe in the future we should implement some type of '-PS' through a proxy.

There are times when people may still want host enumeration, and it is
important to keep Nmap behavior consistent.  Even Idle scan does host
discovery by default, though it gives a very prominent warning and I
think even waits some seconds for the user to press ^C.  For
consistency, I think we should treat proxy scan the same way.  Or we
can change and document the new behavior for both.  But if we do that,
it must still be possible for users to ask for host discovery if they
do want it.

Cheers,
-F
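As an added illustration of two points raised in this exchange (deferring forward DNS until the IP is actually needed, and letting the remote side resolve names when scanning through a proxy), here is example code that is neither Nmap's nor from this thread. It assumes a SOCKS5 proxy (RFC 1928), which the thread does not name, and uses a constructed resolver table instead of real DNS so that it runs offline.

```python
import ipaddress
import struct
from typing import Callable, Optional

# Constructed resolver table standing in for the system's forward DNS, so the
# example runs offline; real code would call socket.getaddrinfo() here.
FAKE_DNS = {"scanme.example": "192.0.2.10"}

def local_resolve(hostname: str) -> str:
    """Forward-resolve via the constructed table (assumption, not real DNS)."""
    try:
        return FAKE_DNS[hostname]
    except KeyError:
        raise OSError(f"cannot resolve {hostname}") from None

class Target:
    """Scan target whose forward DNS lookup is deferred until the IP is
    actually needed, i.e. resolved at the 'last moment' as discussed."""
    def __init__(self, spec: str, resolver: Callable[[str], str] = local_resolve):
        self.spec = spec
        self._resolver = resolver
        self._ip: Optional[str] = None
        self.resolved_locally = False
        try:
            ipaddress.ip_address(spec)
            self._ip = spec          # literal IP address: nothing to resolve
        except ValueError:
            pass

    def is_hostname(self) -> bool:
        return self._ip is None

    def ip(self) -> str:
        """Resolve on first use only, and record that a local lookup happened."""
        if self._ip is None:
            self._ip = self._resolver(self.spec)
            self.resolved_locally = True
        return self._ip

def socks5_connect_request(target: Target, port: int, remote_dns: bool) -> bytes:
    """Build a SOCKS5 CONNECT request (RFC 1928). With remote_dns and a hostname
    target the name is sent to the proxy (ATYP 0x03) and no local lookup is
    made; otherwise the IPv4 address is resolved on this host (ATYP 0x01)."""
    if remote_dns and target.is_hostname():
        name = target.spec.encode("idna")
        addr = bytes([0x03, len(name)]) + name
    else:
        addr = b"\x01" + ipaddress.IPv4Address(target.ip()).packed
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)
```

Checking `resolved_locally` after building the request is the hook for the privacy warning mentioned above: a proxy scan run without -n should not have set it.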


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

