Nmap Development mailing list archives
Re: NSEC Enumeration script
From: Rajendra Pondel <neostar20 () gmail com>
Date: Tue, 5 Apr 2011 01:11:31 +0100
great david keep it up On 4/5/11, David Fifield <david () bamsoftware com> wrote:
On Thu, Mar 17, 2011 at 10:54:44PM +0100, John Bond wrote:On 17 March 2011 21:53, John Bond <john.r.bond () gmail com> wrote:On 17 March 2011 21:26, David Fifield <david () bamsoftware com> wrote:Okay, that's good. But let's not worry about these until after the dns-nsec-enum script is merged; we have no use for NSEC3 at the moment.yes i agree however just keep in mind that the current nsec3 stuff i have submitted doesn't work and im not sure how easy it would be to remove it without breaking the nsec script also i am making some progress with the nsec3 script :)Ok i have a very early nsec3 enumeration script. at the moment you will have to run it in debug. Also it will never end in fact thats one reason i wanted to post so early because i dont know what to do with it.You don't run forever--run until every hash value is accounted for. Guess a name, and suppose that an NSEC3 comes back with values 246e6bbc and 27fb6080. Now you know that 246e6bbc and 27fb6080 exist, and nothing between them does. So now you guess more names until you end up in the range 0-246e6bbb or 27fb6081-ffffffff, then make your query. Just keep track of the ranges that you are missing until there are none left. If you do the hashing locally, you can avoid sending a query when its hash falls in a range you already know. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
-- - Rajendra Pondel Vakow [ http://www.vakow.net ] Blog [ http://neostarx.wordpress.com ] Twitter [ http://twitter.com/neostar20 ] Facebook [ https://www.facebook.com/rajendrapondel ] Yahoo! [ http://profiles.yahoo.com/rajendra.pondel ] LinkedIn [ http://www.linkedin.com/in/rajendrapondel ] _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: NSEC Enumeration script David Fifield (Apr 04)
- Re: NSEC Enumeration script Rajendra Pondel (Apr 04)
- Re: NSEC Enumeration script John Bond (Apr 05)
- Re: NSEC Enumeration script John Bond (Apr 07)
- Re: NSEC Enumeration script David Fifield (Apr 18)
- Re: NSEC Enumeration script John Bond (Apr 19)
- Re: NSEC Enumeration script John Bond (May 16)
- Re: NSEC Enumeration script John Bond (May 16)
- Re: NSEC Enumeration script John Bond (Apr 07)