Nmap Development mailing list archives

Re: Diet Nmap v3.95 Released


From: Fyodor <fyodor () insecure org>
Date: Tue, 13 Dec 2005 03:26:51 -0800

On Mon, Dec 12, 2005 at 01:00:12PM +0100, Martin Macok wrote:
> Great work (especially for the diet thing)!
>
> I have adapted my various older (pending) patches for 3.95 if anyone
> is interested (I hope I didn't break it while adapting to new diet):
>
> http://Xtrmntr.org/ORBman/tmp/nmap/

Thanks, Martin.  You have done many great patches in the past.  Many
have been integrated into base Nmap, and I'm sure the others were
useful to many users (manually applied) as well.  So I just took a
look at what you have there:

== nmap-3.93-service-probes.patch ==

Adjusts some service probes to be more accurate.  Applied for the next
version of Nmap.

== nmap-3.30-data.patch ==

This changes the name of the dhcpserver/dhcpclient ports to
bootps/bootpc.  While I recognize that IEEE uses the latter name, I
think more people are likely to recognize the former.  I have shortened
them to dhcps/dhcpc though.  Your patch also adds a couple of new
services, which I have added for the next version.

== nmap-3.30-idle.patch ==

This patch allows a user to specify that SYN packets should be sent to
the Idle proxy to probe for IPID rather than the default SYN/ACK.  I
can see hypothetical cases where this could be useful, but it is
pretty obscure.  Do you use this a lot?  Can you describe the
benefits?  Unless I hear from more people that are interested in it,
maybe it should be kept as a patch that people who want the feature
can apply.

== nmap-3.78-option-max_retransmissions.patch ==

Looks good!  I applied this, though with a bunch of changes.  I named
the option --max_retries (shorter, if not quite as descriptive) and
made the values a little less aggressive.  I also decided to allow
--max_retries 0 in case you don't want any retries at all (only
advisable for informal surveys and other cases where missing occasional
ports/hosts is acceptable).

== nmap-3.81-osscan_no_ports_reuse.patch ==

This will break (ignore) -g for OS scan, and I'm uncomfortable with
the way it sets o.magic_port in osscan.cc.  That value is really
"supposed" to be read only, though it isn't enforced in the code.

== nmap-3.81.top14-ports ==

This is a patch to NmapFE to add an option to scan just the "top 14"
ports.  Did you come up with these values from empirical scanning?  I
wouldn't mind adding an option like this, but I'd like to see good
reasoning for choosing a particular set of ports.  Maybe this list
should be expanded to top 30 instead?

== nmap-3.84ALPHA2-sf_misc.patch ==

This makes minor nmap-service-probes changes.  Applied.

== nmap-3.95-CONNECT-closedfiltered.patch ==

I'm not convinced that connect() scan should change all instances of
closed to closed|filtered.

== nmap-3.95-detect_TARPIT.patch ==

This patch detects Labrea and iptables tarpits, and avoids scanning
them if it finds them during ping scan.  Neat patch, and I'm glad it
exists for people who want the functionality, but I'm not sure that it
belongs in mainline Nmap.

== nmap-3.95-defeat_ratelimits.patch ==

This looks promising, especially the ICMP error rate limiting part.
I'm too tired tonight, but made a note to examine it later.

Thanks again!
-Fyodor


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev