Nmap Development mailing list archives
nmap & tor
From: "J.J.Green" <j.j.green () sheffield ac uk>
Date: Wed, 18 May 2005 22:54:23 +0100 (BST)
Hi nmappers,

I've been experimenting with Tor

  http://tor.eff.org/

for the last couple of days and was wondering how well nmap would play
with it. Tor runs a SOCKS server and forwards connections through a
series of routers; the connections emerge from the network on a random
node and it is apparently rather difficult to identify the source of
the connections.

I used the transparent socks wrapper tsocks to forward nmap's
connections through the tor network. This seems to work OK, but I did
notice a few oddities:

Here "home" & "work" are machines I run, each behind a firewall, with
the home machine's firewall being "hfw"

- running

    tsocks nmap -P0 -p22 hfw

  on "work" as a normal user results, usually, in

    Starting nmap 3.81
    Mismatch!!!! we think we have port 22 but we really have a different one
    Interesting ports on hfw (x.x.x.x):
    PORT   STATE SERVICE
    22/tcp open  ssh

    Nmap finished: 1 IP address (1 host up) scanned in 0.747 seconds

  which is correct -- but is the warning significant?

- occasionally the same command will return

    PORT   STATE    SERVICE
    22/tcp filtered ssh

    Nmap finished: 1 IP address (1 host up) scanned in 12.020 seconds

  I guess that this is a connection timeout on the tor network (note
  scan time).

- running "tsocks nmap" as root seems to always make a direct
  connection and not use the socks proxy at all (the only time I've
  ever seen root able to do less than a normal user!) I found this out
  by running

    tsocks nmap -P0 -p80 hfw

  at "work" as different users, and looking at the firewall logs.
  I think that this is something to do with how tsocks runs (using
  LD_PRELOAD) but I'm not clear on the details.

- running

    tsocks nmap -P0 -p22 hfw

  at "home" always gives a

    PORT   STATE    SERVICE
    22/tcp filtered ssh

    Nmap finished: 1 IP address (1 host up) scanned in 12.129 seconds

  Again I think this is tor network latency, but is there any way to
  adjust this? --max_rtt_timeout seems to have no effect.

Does anyone have any ideas or other tips for using tor & nmap?

Cheers!

-j
-- 
J. J. Green, Department of Applied Mathematics, Hicks Bd.,
Hounsfield Rd., University of Sheffield, Sheffield, UK.
+44 (0114) 222 3742, http://www.vindaloo.uklinux.net/jjg

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev