Nmap Development mailing list archives
Re: [NSE] New scripts vuze-dht-info, vuze-find-nodes
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 29 Nov 2011 21:00:44 +0100
On Tue, Nov 29, 2011 at 9:57 AM, Gorjan Petrovski <mogi57 () gmail com> wrote:
Hey guys, Patrik, the library is so nice and clean. Wow!
Thanks!
Firstly I would say that probing such a large range of ports is a bad idea for a service which is not that important (such as Vuze; feel free to disagree with me, I'd love to hear your opinion). Furthermore, it defies the rarity value of 8, as David once mentioned in one of the backorifice probe threads [1].
I've read the post and agree with you. I'm thinking of going with the single lowest recommended port and setting rarity to 9. There's always a way to force the script to run using the allports parameter and hopefully using Martin's force patch soon anyway.
I looked through the vuze dht specs and they're not as precise as the bittorrent ones. I need to mention that not all bittorrent peers were DHT nodes, but looking through the vuze docs intuitively I'd say that all vuze peers are vuze nodes, but this is not clear from the documentation. The bittorrent library/script was made as a method for discovery of bittorrent peers and bittorrent nodes. In fact the reason there isn't a bittorrent probe is because bittorrent too, like vuze, can run on a wide range of ports. So I'd suggest finding out the way that vuze gets its initial node IDs or IP:Ports.
One difference is that with the vuze-dht-info script I was hoping to discover Vuze nodes on the LAN. I guess this could still be done using the --version-all or force approach.
By a rule of thumb randomizing the ID would be the way to generate it. I also think it's what the documentation says you should do. I presume that randomizing the node ID and making several requests with different IDs would get you different sets of nodes (in other words, more nodes, which is what you want), but only an experiment would confirm this because it is also not clear from the documentation.
When I tried this before against a single host, i.e. running the vuze-find-nodes multiple times against a single IP, all I got was the same 20 IPs.
I didn't understand if you tried this, but once you get your 20 nodes, issuing FIND_NODE to each of them should get you more nodes. It all depends on whether they return nodes closest to them, closest to your ID, or closest to your IP. IP is worst, since they'll always return the same 20 nodes.
Currently the script only queries the one node and does not continue to query any discovered ones. I guess, if we would like to do this, we could add a script argument to control whether to do so or not. Thanks for your insight/help Gorjan!
[1] http://seclists.org/nmap-dev/2011/q2/124
//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
