diff options
Diffstat (limited to 'todo/sctp.txt')
-rw-r--r-- | todo/sctp.txt | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/todo/sctp.txt b/todo/sctp.txt new file mode 100644 index 0000000..55bf042 --- /dev/null +++ b/todo/sctp.txt @@ -0,0 +1,49 @@ +TODO.sctp $Id$ -*-text-*- + +o Further investigate SCTP functionality, as some people reported + problems (see this thread: + http://seclists.org/nmap-dev/2009/q2/0669.html) + +o Add support for UDP encapsulated SCTP (9899/udp). + Basically just wrap the SCTP packets into a UDP packet. + Think about how to add support for this to libdnet first. + See this Internet Draft by Michael Tuexen for the specs: + http://tools.ietf.org/html/draft-tuexen-sctp-udp-encaps + This is actually quite a challenging task due to the + current architecture of the scan engine. How to best + differentiate a UDP packet related to a UDP scan from a + UDP wrapped SCTP packet? How to unpack the UDP wrapped + SCTP packet in order not to duplicate a lot of code? + A good solution will be non-trivial. + +o Verify ICMP response handling for SCTP. Make sure all + ICMP types are handled in an optimal way (esp. destination + unreachable: protocol unreachable). + +o Consider removing 9899/sctp from the default port list. + 9899/udp is used for UDP encapsulated SCTP. One reason + to keep 9899/sctp is likely misconfigurations. + +o Investigate whether it makes sense to store scan state in + the itag/itsn fields for INIT scans. + +o Investigate the suitability of other SCTP chunks for port + scanning and implement more scan types if they turn out to + be worthwhile. One unverified idea is to experiment with + undefined chunk types and their first two magic bits to + provoke ERROR responses. + +o Add SCTP based service probing. + +o [Ncat] Consider implementing SCTP broker mode. + +o [NSE] Add SCTP support to NSE. + +o Investigate on differences between SCTP stacks and + implement SCTP based OS detection probes based on the + results. For example, BSD systems send the ASCII string + KAME-BSD in INIT-ACK chunks. + +o SCTP-enable scanme.nmap.org in order to make scanme.roe.ch + obsolete. + |