Nmap Development mailing list archives
Re: Feature request list all IP addresses of a host name
From: Djalal Harouni <tixxdz () gmail com>
Date: Thu, 29 Apr 2010 22:39:05 +0100
On 2010-04-29 10:34:09 -0500, Ron wrote:
> On Thu, 29 Apr 2010 12:34:12 +0200 "Luis MartinGarcia." <luis.mgarc () gmail com> wrote:
> > So the thing is, how often a DNS query for a hostname returns different IPs that actually represent different physical hosts and how often those IPs belong to just one host?
>
> I would suspect the answer is, not all that often if ever. I've seen cases where a machine has multiple interfaces with different domain names (we do that a lot), and I see a lot of cases where one domain name points to different physical (but similar or even identical) boxes, like Google. But I don't think I've ever seen a place where the same name on the same box has different addresses. That doesn't seem to make sense to me - please correct me if I'm wrong.
You can have different addresses for the same box with the same name, which is useful for network routing issues; of course a domain name pointing to different physical boxes will be more appropriate. For our case you may think of a router box with different interfaces (addresses) to handle subnets; the control panel of the router (ssh, snmp etc.) is bound to a specific IP, the scan is performed from a third, different subnet, and in this case it depends on the IP address used to reach ssh.
> It seems to me, the way Nmap currently works, you're missing potentially important data. If the same hostname points to multiple addresses, and the different addresses have different configurations, or one is compromised, then you're basically closing your eyes and taking a shot in the dark. The next time you scan the same address, you aren't necessarily scanning the same machine. In other words, the current method of only scanning the first ip address is likely missing things, and is also non-deterministic.
>
> I would personally advocate scanning all addresses (or the first x for a reasonable value of x (16?) with a warning if there are too many) by default, and giving options to scan one or all. I realize the issues with changing the output for sysadmins, but I think they'd rather go "holy crap, we have a Trojan on one of our 10 servers!?" than "hmm, looks fine to me!"
>
> That's my 2 Canadian cents (in US currency, that's 1.99 cents).
>
> --
> Ron Bowes
> http://www.skullsecurity.org
> http://www.twitter.com/iagox86
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
--
tixxdz
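To make the two behaviours discussed in the thread concrete (first-address-only versus Ron's "all addresses, capped at 16 with a warning"), here is an added example; it is not code from this thread or from Nmap, and the function names, the `max_addrs` parameter and the round-robin resolver stand-in are assumptions for illustration.

```python
import socket
from typing import Callable, Iterable, List, Tuple

# Default resolver: every address behind a name (A and AAAA), in the order
# the resolver handed them back. Needs network; the demo below injects a fake.
def resolve_all(hostname: str) -> List[str]:
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]

def first_only(hostname: str,
               resolve: Callable[[str], Iterable[str]] = resolve_all) -> str:
    """The behaviour the thread complains about: scan whatever came back first."""
    return next(iter(resolve(hostname)))

def expand_targets(hostname: str,
                   resolve: Callable[[str], Iterable[str]] = resolve_all,
                   max_addrs: int = 16) -> Tuple[List[str], List[str]]:
    """Return (addresses to scan, warnings) for one hostname.

    Duplicates are dropped while keeping first-seen order; the list is cut
    at max_addrs with a warning, the default Ron proposed in the thread.
    """
    seen, targets = set(), []
    for addr in resolve(hostname):
        if addr not in seen:
            seen.add(addr)
            targets.append(addr)
    warnings = []
    if len(targets) > max_addrs:
        warnings.append(f"{hostname} resolves to {len(targets)} addresses; "
                        f"scanning only the first {max_addrs}")
        targets = targets[:max_addrs]
    return targets, warnings

# Constructed stand-in for a round-robin DNS answer: the same record set,
# rotated on every query. This is what makes "first address" non-deterministic.
class RoundRobinResolver:
    def __init__(self, addrs: Iterable[str]):
        self.addrs, self.calls = list(addrs), 0
    def __call__(self, hostname: str) -> List[str]:
        rot = self.calls % len(self.addrs)
        self.calls += 1
        return self.addrs[rot:] + self.addrs[:rot]

if __name__ == "__main__":
    rr = RoundRobinResolver(["192.0.2.10", "192.0.2.11", "2001:db8::10"])
    # Two consecutive "first only" lookups land on two different boxes.
    print(first_only("www.example", rr), first_only("www.example", rr))
    print(expand_targets("www.example", rr))
```

Run against a real name, `expand_targets("somehost", max_addrs=16)` also covers the router case above, since each interface address is returned as its own target.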