Nmap Development mailing list archives
Nuff DNS Server (dnsd)
From: doug () hcsw org
Date: Mon, 9 Apr 2007 15:12:55 -0700
Hello everyone! I have some bad news, some good news, and some better news. In my nuff SoC proposal I suggested, among many other ideas, the following nuff script: * dnsd - A simple, extremely secure, caching DNS forwarder. dnsd will also use an experimental based-on-historical-patterns DNS pre-fetching algorithm which I am in the process of inventing. This should outperform BIND in a number of common cases. The bad news is that dnsd has to be removed from consideration in my SoC proposals. The good news is that this is because I already implemented it as an assignment for a networking class. dnsd is a success! Nuff was a convenient, powerful, concise language for creating a DNS server and it allowed me to spend more time researching and less time developing. We (Doug Hoyte and HCSW Labs) invented a DNS prediction algorithm that outperforms BIND and other conventional DNS resolvers in a number of common cases. You can read about the algorithm and view the BIND vs dnsd benchmark graphs in our whitepaper here: http://hcsw.org/nuff/papers/dnsd/ and you can download nuff version 1.2.1 which includes the dnsd script and documentation from the nuff website: http://hcsw.org/nuff/ With nuff installed, reading the help for dnsd is done like so: $ nuff -help dnsd and launching a caching, predictive DNS forwarder is as easy as: # nuff dnsd -daemon -predict The better news is that I am releasing a few more ideas to replace dnsd on the public idea-list: * dhclient - This is a nuff implementation of a DHCP client. Instead of configuring your system's IP stack with the DHCP results, however, it will configure certain nuff data structures. The idea is to be able to fake the presence of a host on a network, with a custom MAC address on up through the other network layers. This functionality will be very useful for other nuff utilities that require complete control of an IP/MAC address without your operating system filtering any outbound packets or sending any undesired replies. dhclient also has a DHCP stress-testing mode that attempts a denial of service attack by occupying all the allocated DHCP slots on a LAN and possibly muscling existing clients offline with ARP cache poisoning tricks. * qscan - This is a nuff implementation of my Qscan patch to Nmap with some accuracy and speed improvements. Qscan uses round-trip time measurements to infer the presence of packet filtering devices like firewalls. Unlike other firewall discovery methods like TTL discrepancies and ed3f-style checksum techniques, hiding firewalls from qscan is difficult and inconvenient. Qscan as a patch for an older version of Nmap here: http://hcsw.org/nmap/nmap-4.20-qscan.patch Qscan documentation: http://hcsw.org/nmap/QSCAN Clarification on some documentation: http://seclists.org/nmap-dev/2006/q4/0296.html http://seclists.org/nmap-dev/2006/q4/0300.html * reordermon - A packet re-ordering monitor. In most cases, packet queues on the internet use first-come first-serve queuing techniques so that packets are received in the same order that they are sent. When a certain type of packet is replied to by a device different than the ultimate destination host (like by a firewall that sends RSTs) then we can detect it by looking for packet re-ordering. By sending 2 packets in quick succession and looking for cases when we receive the responses back out of order, reordermon can detect these types of packet filters more efficiently and reliably than with qscan. Defending against reordermon is probably even more difficult than against qscan. Best, Doug
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nuff DNS Server (dnsd) doug (Apr 09)