Diffstat (limited to 'todo/sctp.txt')
-rw-r--r--  todo/sctp.txt  49
1 files changed, 49 insertions, 0 deletions
diff --git a/todo/sctp.txt b/todo/sctp.txt
new file mode 100644
index 0000000..55bf042
--- /dev/null
+++ b/todo/sctp.txt
@@ -0,0 +1,49 @@
+TODO.sctp $Id$ -*-text-*-
+
+o Further investigate SCTP functionality, as some people reported
+ problems (see this thread:
+ http://seclists.org/nmap-dev/2009/q2/0669.html)
+
+o Add support for UDP encapsulated SCTP (9899/udp).
+ Basically just wrap the SCTP packets into a UDP packet.
+ Think about how to add support for this to libdnet first.
+ See this Internet Draft by Michael Tuexen for the specs:
+ http://tools.ietf.org/html/draft-tuexen-sctp-udp-encaps
+ This is actually quite a challenging task due to the
+ current architecture of the scan engine. How to best
+ differentiate a UDP packet related to a UDP scan from a
+ UDP wrapped SCTP packet? How to unpack the UDP wrapped
+ SCTP packet in order not to duplicate a lot of code?
+ A good solution will be non-trivial.
+
+o Verify ICMP response handling for SCTP. Make sure all
+ ICMP types are handled in an optimal way (esp. destination
+ unreachable: protocol unreachable).
+
+o Consider removing 9899/sctp from the default port list.
+ 9899/udp is used for UDP encapsulated SCTP. One reason
+ to keep 9899/sctp is likely misconfigurations.
+
+o Investigate whether it makes sense to store scan state in
+ the itag/itsn fields for INIT scans.
+
+o Investigate the suitability of other SCTP chunks for port
+ scanning and implement more scan types if they turn out to
+ be worthwhile. One unverified idea is to experiment with
+ undefined chunk types and their first two magic bits to
+ provoke ERROR responses.
+
+o Add SCTP based service probing.
+
+o [Ncat] Consider implementing SCTP broker mode.
+
+o [NSE] Add SCTP support to NSE.
+
+o Investigate on differences between SCTP stacks and
+ implement SCTP based OS detection probes based on the
+ results. For example, BSD systems send the ASCII string
+ KAME-BSD in INIT-ACK chunks.
+
+o SCTP-enable scanme.nmap.org in order to make scanme.roe.ch
+ obsolete.
+
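Review bot: the item "Investigate the suitability of other SCTP chunks for port scanning" records an unverified idea (undefined chunk types and their first two bits provoking ERROR responses) with no note on how it will be validated; suggest stating that any such scan type is to be confirmed in a lab against known SCTP stacks before it is added, since the todo file is otherwise a list of concrete, verifiable tasks. Two smaller points in the same hunk: the UDP-encapsulation item ("Add support for UDP encapsulated SCTP (9899/udp)") and the default-port item ("Consider removing 9899/sctp from the default port list") both turn on port 9899 and should cross-reference each other so the decision is made once; and the draft reference "http://tools.ietf.org/html/draft-tuexen-sctp-udp-encaps" should name the draft version consulted, because Internet Drafts are revised and expire, and the encapsulation details the implementation depends on may change between versions.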