Re: [PATCH] New 0-true-packets scanning method

[Fyodor <fyodor () insecure org>]

On Sun, Jan 01, 2006 at 06:14:50AM +0100, Pablo Fernandez wrote:
> As a gift for this new year I just finished coding a patch for the
> latest stable release of nmap (3.95). Just like the Idle scan, this one
> also sends 0 packets to the target from the true IP address (although is
> not as cool as the Idle scan, bummer =P ).

Thanks, Pablo.  Users request "proxy scan" on a fairly regular basis.
It was ranked #14 out of 22 in the 2003 Nmap survey
(http://seclists.org/lists/nmap-hackers/2003/Apr-Jun/0011.html).
We'll see how it does in the 2006 survey, which should be announced
within a month.

Even a patch which isn't integrated into Nmap is useful in that users
can always apply it and use it themselves.  That is the beauty of open
source!  I would certainly consider integrating a well-written proxy
patch which:

o Can handle both SOCKS and HTTP proxies
o Handles proxy chaining gracefully
o Scans the ports in parallel, ideally using the existing ultra_scan()
  infrastructure.
o Includes documentation (diff of docs/nmap_manpage.xml)
o Is coded carefully to avoid buffer overflows or any other security
  problems.  It also must be efficient and accurate.
o Tested on UNIX and Windows

If someone wants to construct such a patch, you are certainly welcome
and encouraged to do so!

Cheers,
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev