Nmap Development mailing list archives

Re: Nmap SoC Ideas?


From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Wed, 24 Mar 2010 22:12:35 +0100

On 03/21/10 23:59, Ron wrote:
> On Sun, 21 Mar 2010 14:53:04 -0700 Fyodor <fyodor () insecure org> wrote:
>> o [NSE] Maybe we should create a class of scripts which only run one
>>   time per scan, similar to auxiliary modules in Metasploit. We
>>   already have script classes which run once per port and once per
>>   host. For example, the once-per-scan class might be useful for
>>   broadcasted scripts such as NetBIOS, DHCP, etc.  We will of course
>>   need to have at least one such script to start out with. (suggested
>>   by Ron Bowes at http://seclists.org/nmap-dev/2010/q1/883).
>
> If I can write two scripts of that type pretty easily when the time comes -- DHCP and NetBIOS. Can anybody suggest
> other broadcast protocols?



IGMP is a "broadcasting" (actually multicasting as you all know) protocol
for which an NSE script might be handy. I think there has previously been no
attempt to implement IGMP-related attacks and there are quite a few
possibilities here. The easiest part would be to forge some IGMP query
packets to elicit IGMP group information from a router or a host. This can
be done by sending a General Query packet to the all-hosts group (224.0.0.1).
Most probably, this script will be useful on local area networks, though it
could possibly be extended in the future for more advanced techniques.

-- ithilgore
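The query/report exchange described above, as an added example that is not part of this thread or of Nmap: it encodes an IGMPv2 General Query (type 0x11, group 0.0.0.0, RFC 1071 checksum) as it would be sent to 224.0.0.1, and decodes the v2 Membership Reports (type 0x16) that hosts answer with, discarding anything with a bad checksum. It only builds and parses bytes; no sockets are involved, and the report packets are constructed locally.

```python
import struct
import ipaddress

ALL_HOSTS = "224.0.0.1"              # destination of a General Query
IGMP_MEMBERSHIP_QUERY = 0x11         # IGMPv1/v2 Membership Query
IGMP_V2_MEMBERSHIP_REPORT = 0x16     # IGMPv2 Membership Report


def rfc1071_checksum(data: bytes) -> int:
    """One's-complement sum over 16-bit words, as used by IGMP/ICMP/IP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _igmp_message(mtype: int, max_resp_tenths: int, group: str) -> bytes:
    """8-byte IGMPv2 message with the checksum filled in."""
    hdr = struct.pack("!BBH4s", mtype, max_resp_tenths, 0,
                      ipaddress.IPv4Address(group).packed)
    return hdr[:2] + struct.pack("!H", rfc1071_checksum(hdr)) + hdr[4:]


def build_general_query(max_resp_tenths: int = 100) -> bytes:
    """General Query: group field 0.0.0.0, default 10 s max response time."""
    return _igmp_message(IGMP_MEMBERSHIP_QUERY, max_resp_tenths, "0.0.0.0")


def build_v2_report(group: str) -> bytes:
    """Constructed Membership Report a host would send for one group."""
    return _igmp_message(IGMP_V2_MEMBERSHIP_REPORT, 0, group)


def parse_igmp(pkt: bytes) -> dict:
    """Decode an IGMPv1/v2 message; ValueError on short or corrupt input."""
    if len(pkt) < 8:
        raise ValueError("short IGMP message")
    if rfc1071_checksum(pkt[:8]) != 0:   # valid packet sums to zero
        raise ValueError("bad IGMP checksum")
    mtype, max_resp, _csum, group = struct.unpack("!BBH4s", pkt[:8])
    return {"type": mtype, "max_resp_tenths": max_resp,
            "group": str(ipaddress.IPv4Address(group))}


def groups_from_reports(pkts) -> set:
    """Collect group addresses from the v2 reports a query elicited."""
    groups = set()
    for p in pkts:
        try:
            m = parse_igmp(p)
        except ValueError:
            continue                      # skip truncated/corrupt replies
        if m["type"] == IGMP_V2_MEMBERSHIP_REPORT:
            groups.add(m["group"])
    return groups
```

Real hosts may also answer with IGMPv1 (0x12) or v3 (0x22) reports, which this decoder deliberately ignores.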



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/