
Implement Syn Scan as a default option #129

Open
bernardoamc opened this issue Aug 6, 2020 · 4 comments

@bernardoamc
Collaborator

Most of the time we can save resources by issuing a SYN scan rather than a full TCP scan.

@issue-label-bot

Issue-Label Bot is automatically applying the label feature_request to this issue, with a confidence of 0.99. Please mark this comment with 👍 or 👎 to give our bot feedback!


@bee-san
Member

bee-san commented Aug 6, 2020

We are thinking of making our own TCP stack for this :)

@inainazumakun
Collaborator

For organization's sake: the current TCP scan/handshake looks like this, and is an abstraction forced by Rust from the net::TcpStream implementation.

  1. RustScan sends the SYN packet to IP:Port
  2. a. If port is closed, then IP:Port will respond with a RST packet. (no further action is needed as port is closed)
    b. If port is open, then IP:Port will respond with a SYN/ACK packet.
  3. On receiving the SYN/ACK packet, respond back again with ACK packet to complete TCP handshake and confirm data transfer
  4. Either Server will attempt to send back data to us (i.e. HTTP), or we close the connection by sending a RST/FIN packet. Port is confirmed open.

We can completely cut out the last two steps, which can speed up the process quite a bit and reduce network load for the target server, as it will no longer expect a connection as long as we send a RST in time.

Ideally, our TCP stack should look like this.

  1. RustScan sends the SYN packet to IP:Port
  2. a. If port is closed, then IP:Port will respond with a RST packet. (no further action is needed as port is closed)
    b. If port is open, then IP:Port will respond with a SYN/ACK packet.
  3. On receiving the SYN/ACK packet, respond back again with a RST packet and mark down port as open.

The only issue is that this may look suspicious to some firewalls and IDS, since it looks similar to a SYN attack, but it should work for the majority of cases.
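As an added illustration of the two exchanges listed above (not RustScan's code, and not anything the commenters wrote), the block below models both the full-connect handshake that `std::net::TcpStream` performs (steps 1-4) and the proposed half-open SYN variant (steps 1-3) against a simulated peer. Nothing touches the network: `Peer` is an assumed toy TCP stack that answers SYN on a listening port with SYN/ACK, on a closed port with RST, and keeps a per-port connection entry the way a real stack would. One case the thread does not spell out is also modelled as an assumption: a port a firewall silently drops yields no reply at all, which a scanner has to report as filtered rather than closed.

```rust
// Added example, not RustScan code: toy model of full-connect vs half-open SYN scan.
use std::collections::HashMap;

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Flags { Syn, SynAck, Ack, Rst, Fin }

/// What the scanner concludes about a port.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum PortState { Open, Closed, Filtered }

/// Connection state the simulated peer keeps per port.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum PeerState { Listen, SynReceived, Established }

/// Simulated peer (assumption, not a real stack): which ports listen, which a
/// firewall silently drops, and the per-port connection state its stack holds.
pub struct Peer {
    listening: Vec<u16>,
    dropped: Vec<u16>,
    conns: HashMap<u16, PeerState>,
    /// How many handshakes the peer fully completed (reached Established).
    pub established: usize,
}

impl Peer {
    pub fn new(listening: &[u16], dropped: &[u16]) -> Self {
        Peer { listening: listening.to_vec(), dropped: dropped.to_vec(),
               conns: HashMap::new(), established: 0 }
    }

    /// Per-port connection entry as the peer's stack sees it (None = no entry).
    pub fn state(&self, port: u16) -> Option<PeerState> {
        self.conns.get(&port).copied()
    }

    /// Deliver one segment to the peer; returns the reply segment, if any.
    pub fn receive(&mut self, port: u16, f: Flags) -> Option<Flags> {
        if self.dropped.contains(&port) {
            return None; // firewall drops it silently: the scanner sees nothing
        }
        if !self.listening.contains(&port) {
            return Some(Flags::Rst); // closed port: RST, no state kept (step 2a)
        }
        let cur = self.conns.get(&port).copied().unwrap_or(PeerState::Listen);
        match (cur, f) {
            (PeerState::Listen, Flags::Syn) => {
                self.conns.insert(port, PeerState::SynReceived); // half-open entry (step 2b)
                Some(Flags::SynAck)
            }
            (PeerState::SynReceived, Flags::Ack) => {
                self.conns.insert(port, PeerState::Established); // handshake done (step 3)
                self.established += 1;
                None
            }
            // RST at any point, or FIN once established, tears the entry down
            (_, Flags::Rst) | (PeerState::Established, Flags::Fin) => {
                self.conns.remove(&port);
                None
            }
            _ => None,
        }
    }
}

/// Current behaviour (steps 1-4): SYN, SYN/ACK, ACK, then RST to close.
/// Returns the verdict and how many segments the scanner had to send.
pub fn connect_scan(peer: &mut Peer, port: u16) -> (PortState, usize) {
    match peer.receive(port, Flags::Syn) {
        Some(Flags::SynAck) => {
            peer.receive(port, Flags::Ack); // complete the handshake (step 3)
            peer.receive(port, Flags::Rst); // tear it down again (step 4)
            (PortState::Open, 3)
        }
        Some(Flags::Rst) => (PortState::Closed, 1),
        _ => (PortState::Filtered, 1), // no reply: dropped, not closed
    }
}

/// Proposed stack (steps 1-3): SYN, SYN/ACK, RST. The peer never reaches
/// Established, so it holds no connection the scanner then has to abandon.
pub fn syn_scan(peer: &mut Peer, port: u16) -> (PortState, usize) {
    match peer.receive(port, Flags::Syn) {
        Some(Flags::SynAck) => {
            peer.receive(port, Flags::Rst); // never ACK; just clear the half-open entry
            (PortState::Open, 2)
        }
        Some(Flags::Rst) => (PortState::Closed, 1),
        _ => (PortState::Filtered, 1),
    }
}

fn main() {
    // Constructed sample peer: 22 and 80 listen, 443 is dropped by a firewall.
    let mut peer = Peer::new(&[22, 80], &[443]);
    for &port in &[22u16, 25, 443] {
        let (s, n) = connect_scan(&mut peer, port);
        println!("connect scan {}: {:?} after {} segments sent", port, s, n);
        let (s, n) = syn_scan(&mut peer, port);
        println!("syn scan     {}: {:?} after {} segments sent", port, s, n);
    }
    println!("handshakes the peer fully completed: {}", peer.established);
}
```

Running it shows the same verdict from both scans on every port while the SYN variant sends one segment fewer per open port and never drives the peer into Established, which is the resource saving the issue is after. The filtered case is why a real implementation also needs a timeout on the missing SYN/ACK rather than treating silence as closed.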

@bergabman
Contributor

I did a quick check of how async-std does this, and it looks like they use an adapter for a sync TcpStream connection. This means we can probably take the current Rust implementation of TcpStream and remove the unnecessary parts (3, 4) from the stack, as @SmackHack said. As soon as we have a TcpStream similar to the original implementation, we can use the adapter and call async .await on it in RustScan.

https://docs.rs/async-io/1.1.2/async_io/struct.Async.html
