osdir.com
mailing list archive

Subject: Scanning for idle hosts to use in idle/zombie scan - msg#00135

List: security.nmap.devel

I'm sorry if I say anything too n00b. Additionally, I can't figure out how to
search the list for previous mentions of this, but: Does nmap have the ability,
or plan to, to scan a/a range of host/s for idleness? That is, simply ping/try
to connect a couple of times and predict a target's usefulness for a
zombie/idle scan?

I apologize again if this post doesn't stir up ideas. It's just that the whole
idle scan thing excites me. I love the concept and I love nmap's implementation
of it.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org



Thread at a glance:

Previous Message by Date:

[PATCH] Fix NMAP_ARGS + cmdline args handling in main.cc

The attached patch fixes the handling of NMAP_ARGS so that the rest of the command-line arguments nmap is called with are copied over into 'command' so they'll get passed to getopt(). As opposed to NMAP_ARGS being the only thing nmap uses for its arguments. I ran across NMAP_ARGS in main.cc, so I wanted to test it out: # export NMAP_ARGS=-d # nmap localhost ..only to have nmap complain about not having any targets specified. This fixes that. Also, Fyodor, can you better document NMAP_ARGS? Or am I just the only one who didn't know about it? :) It's a diff against 4.20ALPHA7 Thanks, Kris Katterjohn
--- x/main.cc 2006-08-31 00:29:11.000000000 -0500 +++ y/main.cc 2006-09-28 23:31:33.000000000 -0500 @@ -212,6 +212,11 @@ int main(int argc, char *argv[]) { if (snprintf(command, sizeof(command), "nmap %s", cptr) >= (int) sizeof(command)) { error("Warning: NMAP_ARGS variable is too long, truncated"); } + /* copy rest of command-line arguments */ + for (i = 1; i < argc && strlen(command) + strlen(argv[i]) + 1 < sizeof(command); i++) { + strcat(command, " "); + strcat(command, argv[i]); + } myargc = arg_parse(command, &myargv); if (myargc < 1) { fatal("NMAP_ARG variable could not be parsed");
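
Review bot: the added for loop ends without any warning as soon as one argv[i] does not fit in command, so that argument and every one after it are silently dropped; the same happens to all of them when the snprintf() just above has already truncated NMAP_ARGS and filled the buffer. Suggest reporting this the way the NMAP_ARGS case does (an error() warning, or fatal()) instead of continuing with a partial command line. The bound itself, strlen(command) + strlen(argv[i]) + 1 < sizeof(command), does leave room for the added space and the terminating NUL. Separately, the arguments are joined with a bare " " and then re-split by arg_parse(command, &myargv), so an argument that itself contains whitespace may not come back as a single argument; worth checking against how arg_parse handles quoting.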

Next Message by Date:

[PATCH] Remove a few unused #defines in nmap.h

The attached patch removes a few unused macros and comments in nmap.h. It's a diff against 4.20ALPHA7 Thanks, Kris Katterjohn
--- x/nmap.h 2006-08-24 20:47:58.000000000 -0500 +++ y/nmap.h 2006-09-29 14:06:53.000000000 -0500 @@ -272,15 +272,6 @@ void *realloc(); /* How many hosts do we ping in parallel to see if they are up? Note that this is divided by the num probes per host */ #define LOOKAHEAD 30 -/* If reads of a UDP port keep returning EAGAIN (errno 13), do we want to - count the port as valid? */ -#define RISKY_UDP_SCAN 0 - /* This ideally should be a port that isn't in use for any protocol on our machine or on the target */ -#define MAGIC_PORT 49724 -/* How many udp sends without a ICMP port unreachable error does it take before we consider the port open? */ -#define UDP_MAX_PORT_RETRIES 4 - /*How many seconds before we give up on a host being alive? */ - #define FAKE_ARGV "pine" /* What ps and w should show if you use -q */ /* How do we want to log into ftp sites for */ #define FTPUSER "anonymous" @@ -327,7 +318,6 @@ void *realloc(); #endif #define INITIAL_RTT_TIMEOUT 1000 /* Allow 1 second initially for packet responses */ -#define HOST_TIMEOUT 0 /* By default allow unlimited time to scan each host */ #ifndef MAX_RETRANSMISSIONS #define MAX_RETRANSMISSIONS 10 /* 11 probes to port at maximum */
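
Review bot: in the second hunk, the removed HOST_TIMEOUT line carries the only visible statement of the default ("By default allow unlimited time to scan each host"); if the macro is dropped, the commit message should say where that default is actually set so the documentation is not lost with it. For both hunks, "unused" cannot be confirmed from the diff alone: a search of the whole tree, including platform-specific #ifdef code, for RISKY_UDP_SCAN, MAGIC_PORT, UDP_MAX_PORT_RETRIES and HOST_TIMEOUT should accompany the patch, and the message should state that it was done.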
