Nmap Development mailing list archives
Re: [NSE] New script dns-blacklist
From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 8 Jan 2012 10:24:37 +0100
On Sun, Jan 8, 2012 at 4:05 AM, David Fifield <david () bamsoftware com> wrote:
On Mon, Jan 02, 2012 at 11:31:09AM +0000, Duarte Silva wrote:Hi Patrik, I added two new DNSBL providers, one for TOR nodes [1] [1] https://www.dan.me.uk/dnsblFor Tor, let's see if we can use the Tor Project's exit list directly, rather than some third party that is just querying them anyway. https://www.torproject.org/projects/tordnsel.html The main difference is whether an address can be considered an exit node depends on the address and port you are relaying to, so those are part of the query. Apparently TorDNSEL also does active probing to find out if relays' behavior actually matches their stated exit policy.
As far as I can tell the first service also allows us to query for entry nodes. I'm not sure what we want/need and leave that up to the Tor experts. If we only want exit nodes, the official Tor Project service is obviously a better source.
Another possibly more efficient way is to download the whole relay list once, and then compare each target address against the list. This also has the advantage of not needing to disclose the target's address to the exit list operator. https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=74.207.254.18 David FIfield
While I agree with it being more efficient it should probably go into it's own script as it's not DNSBL? Cheers, Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 02)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 02)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 02)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 02)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 03)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 06)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 06)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 02)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 02)
- Re: [NSE] New script dns-blacklist Arne Martin Wandsvig (Jan 07)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 08)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 08)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 08)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 15)