Nmap Development mailing list archives
Bug found in OpenBSD nmap
From: "D." <dugely () yahoo com>
Date: Wed, 26 Sep 2001 17:48:04 -0700 (PDT)
Hello nmap-dev,

I recently switched my RedHat Linux workstation over to OpenBSD. I figure safety is a good thing, and I'm finding the OpenBSD X windows interface actually quite comfortable... Anyways, next time you're on an OpenBSD 2.9 (maybe other versions too) try doing a -sO scan (ipprotocol scan). It gives you this message:

/home/doug@orion$ nmap -sO -v -v -v -d localhost

Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
Packet capture filter: (icmp and dst host 127.0.0.1) or (tcp and dst host 127.0.0.1 and ( dst port 55239 or dst port 55240 or dst port 55241 or dst port 55242 or dst port 55243))
ICMP type 8 code 0 packet is only 28 bytes
We got a ping packet back from 127.0.0.1: id = 49375 seq = 0 checksum = 16160
Hostupdate called for machine 127.0.0.1 state UNKNOWN/COMBO -> HOST_UP (trynum 0, dotimeadj: yes time: 26814)
Finished block: srtt: 27012 rttvar: 27012 timeout: 300000 block_tries: 1 up_this_block: 1 down_this_block: 0 group_sz: 1
massping done: num_hosts: 1 num_responses: 1
Host localhost (127.0.0.1) appears to be up ... good.
Starting super_scan
Packet capture filter: (icmp and dst host 127.0.0.1) or (tcp and src host 127.0.0.1 and dst host 127.0.0.1 and ( dst port 55219 or dst port 55220))
Initiating IPProto Scan against localhost (127.0.0.1)
sendto in send_ip_raw: sendto(3, packet, 20, 0, 127.0.0.1, 16) => Invalid argument
Sleeping 15 seconds then retrying
sendto in send_ip_raw: sendto(3, packet, 20, 0, 127.0.0.1, 16) => Invalid argument
Sleeping 60 seconds then retrying
^Ccaught SIGINT signal, cleaning up

/home/doug@orion$ uname -a
OpenBSD orion 2.9 DOUGS#0 i386

Anyways, I narrowed the problem down to the use of the BSDUFIX macro, which calls ntohs for one of the arguments in sendto. I simply removed the macro from that particular argument, and it now works seemingly flawlessly...

Here's my patch of what I did (I imagine this could break nmap on other platforms):

http://hardcoresoftware.cjb.net/nmap/tcpip.c.patch

But the thing is, I was digging around in nmap.h, and I saw this:

#ifndef BSDFIX
#if FREEBSD || BSDI || NETBSD
#define BSDFIX(x) x
#define BSDUFIX(x) x
#else
#define BSDFIX(x) htons(x)
#define BSDUFIX(x) ntohs(x)
#endif
#endif /* BSDFIX */

There's lots of other BSDUFIX macros being used in the OpenBSD source, and they all seem to work but that one... I'm wondering if " || OPENBSD" should be appended onto the second line of that code snippet, and if not, why? Why the whole need for this? Does BSD do this differently than other Unixes? Anyways, maybe somebody who understands the code better than I could make the suggestion. All I know is that this fixed my problem, and if that helps anyone else out, great!

Doug Hoyte