Re: Google/Nmap SoC 2009 Project Ideas?

[Daniel Roethlisberger <daniel () roe ch>]

ithilgore <ithilgore.ryu.l () gmail com> 2009-03-11:
> Daniel Roethlisberger wrote:
> > Fyodor <fyodor () insecure org> 2009-03-09:
> > > Hi all.  Google just began taking applications for organizations to
> > > participate in the 2009 Summer of Code!  As you probably all know, the
> > > Nmap Project has benefited greatly from participating in that program
> > > for the past four years.  I even wrote a blog entry for them about it:
> > >
> > > http://google-opensource.blogspot.com/2008/11/nmaps-fourth-gsoc-success-stories-and.html
> > >
> > > One of the most important requirements of a successful SoC is coming up
> > > with a great "ideas page" which lists summer projects that students
> > > can apply for.  They can always come up with their own completely new
> > > ideas (and we encourage that sort of creativity), but most choose
> > > ideas from our list or at least start with one for inspiration.
> > >
> > > You can see our 2008 ideas page here:
> > >
> > > http://nmap.org/GoogleGrants.html
> > >
> > > So if anyone has an idea for Nmap (including Ndiff, Ncat, or Zenmap),
> > > please speak up!
> >
> > Off the top of my hat:
> >
> > o Full IPv6 support in every aspect of Nmap.  I am seeing IPv6 on
> >   the rise, already over 50% of my personal incoming email is
> >   received over IPv6!  The available v4 pool wont last much longer
> >   than perhaps three years.  Nmap should get ready for the future
> >   as well and implement comprehensive support for IPv6.
> >
> > o SCTP based OS detection; would require the student to find practical
> >   differences in major SCTP stacks first, and then implement and test
> >   that.  Major hurdle to make this a success would be the required or
> >   at least desired access to as many proprietary SCTP stacks as
> >   possible.
>
> The SCTP detection sounds really interesting, though as Michael
> Pattrick said, it might be a bit too large. However, it could
> possibly use osscan2.cc as a basic template, thus limiting the
> task to only mess with the SCTP kernel internals (which is big
> enough by itself I have to admit).

I did not mean to suggest to do SCTP based OS detection
completely separate from what we have now.

> Btw I think there are not that many SCTP stacks available.

There's the KAME/BSD stack, Linux, Solaris and IOS each come with
their own, and then there are at least four different proprietary
stacks.

> Another unfortunate thing is that SCTP functionality is not
> usually enabled by default and many systems use a userspace
> library instead to implement SCTP. Despite these, SCTP by
> itself is a protocol that has not been researched as
> extensively as TCP and thus provides much ground for
> discovering new techniques against it.
>
> Another idea might be an official proxy scanning patch for
> Nmap. I discussed a bit about this with the folk at #nmap
> (efnet) and thought that maybe it's time for something that
> gets at last integrated with Nmap, if of course Fyodor and the
> rest agree.
>
> Porting Nmap to mobile phones might be another good idea (for
> example Google's android), though I think that something
> similar has been previously been proposed.
>
> I will hopefully apply for GSoC/Nmap this year, since I am
> really interested in Nmap and low level networking.

-- 
Daniel Roethlisberger
http://daniel.roe.ch/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org