Nmap Development mailing list archives
[PATCHed] Send valid IP-in-IP header when using -sO
From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 26 Jan 2007 22:43:49 -0600
The attached patch (/nmap SVN r4403) sends valid IPIP (IP-in-IP encapsulation) headers when using -sO. Here's the SVN log:

------------------------------------------------------------------------
r4403 | kris | 2007-01-26 22:36:24 -0600 (Fri, 26 Jan 2007) | 1 line

Start sending a valid encapsulated header with IP-in-IP with -sO. Hosts respond more when a valid header is sent. I kept getting open|filtered for this, and now I get open. It's a lot like my IGMP patch from r4361
------------------------------------------------------------------------

I've tested it, and it seems to work great. If anybody else can test it as well, that'd be awesome.

Thanks,
Kris Katterjohn
Index: CHANGELOG =================================================================== --- CHANGELOG (revision 4402) +++ CHANGELOG (revision 4403) @@ -31,9 +31,10 @@ o Applied a bunch of code cleanup patches from Kris Katterjohn. -o Changed the IP protocol scan so that it sends actual IGMP headers when - scanning protocol number 2. This makes it much more likely that the host - will respond, proving that it's "open". [Kris] +o Changed the IP protocol scan so that it sends actual IGMP and IPIP + (IP-in-IP encapsulation) headers when scanning protocol numbers 2 + and 4, respectively. This makes it much more likely that the host + will respond, proving that they're "open". [Kris] o Fixed UDP scan so that it doesn't find it's own port when scanning localhost. This was thought to be fixed in 4.10. This also prevents a Index: scan_engine.cc =================================================================== --- scan_engine.cc (revision 4402) +++ scan_engine.cc (revision 4403) @@ -2203,6 +2203,23 @@ &packetlen); break; + case IPPROTO_IPIP: + /* This is our inner IP header, followed by data */ + packet = build_ip_raw(&o.decoys[decoy], hss->target->v4hostip(), + IPPROTO_TCP, /* fake it */ + o.ttl, ipid, IP_TOS_DEFAULT, false, + o.ipoptions, o.ipoptionslen, + o.extra_payload, o.extra_payload_length, + &packetlen); + + /* This is our outer IP header, followed by the inner header above */ + packet = build_ip_raw(&o.decoys[decoy], hss->target->v4hostip(), + pspec->proto, + o.ttl, ipid, IP_TOS_DEFAULT, false, + o.ipoptions, o.ipoptionslen, + (char *) packet, packetlen, + &packetlen); + break; default: packet = build_ip_raw(&o.decoys[decoy], hss->target->v4hostip(), pspec->proto,
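Review bot: in the CHANGELOG hunk, the rewritten entry now reads "the host will respond, proving that they're "open"" while the subject is still singular, so keep "it's" from the line being replaced (or make it "the hosts ... they're"). The unchanged context line "doesn't find it's own port" also has an it's/its slip that could be corrected while this file is being edited.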
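Review bot: in the new IPPROTO_IPIP case in scan_engine.cc, the buffer returned by the first build_ip_raw call (the inner header) is stored in `packet` and then immediately overwritten by the second call's result; if build_ip_raw returns a freshly allocated buffer, as the surrounding cases appear to rely on, the inner buffer is leaked on every probe sent. Suggest keeping it in its own variable (say `inner` / `innerlen`), passing `(char *) inner, innerlen` as the outer payload and freeing `inner` once the outer packet has been built. Two smaller points worth a comment: the inner header is marked IPPROTO_TCP ("fake it") but is followed only by o.extra_payload rather than a TCP header, so the encapsulated datagram is not itself a complete TCP/IP packet and the comment should say that only a parsable inner IP header is intended; and the same `ipid` and `o.ttl` are reused for both the inner and outer headers, which is probably fine but is a deliberate choice that should be stated.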
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
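As an added illustration (this is not part of Kris's message or of nmap's code), the following Python builds the packet shape the patch describes, an outer IPv4 header with protocol 4 carrying a complete inner IPv4 header, and contrasts it with the bare protocol-4 datagram the older code sent (an IP header with no valid encapsulated header behind it). The checker is written from the receiving side, so it is also what a sensor or host stack would use to decide whether a protocol-4 datagram is well-formed IP-in-IP. Addresses, IP IDs and payloads are constructed sample values; the only real constants are the IANA protocol numbers and the IPv4 header layout.

```python
import socket
import struct

IPPROTO_IPIP = 4   # IP-in-IP encapsulation (IANA)
IPPROTO_TCP = 6    # used for the inner header's protocol field, as the patch does


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over an IPv4 header.

    Over a header whose checksum field is zero it yields the value to store;
    over a header that already carries a correct checksum it yields 0.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes,
               ttl: int = 64, ipid: int = 0) -> bytes:
    """Return a minimal 20-byte IPv4 header (no options) plus payload."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, total_len, ipid, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)
    hdr = hdr[:10] + struct.pack("!H", csum) + hdr[12:]
    return hdr + payload


def build_ipip_probe(src: str, dst: str, payload: bytes = b"",
                     ttl: int = 64, ipid: int = 0) -> bytes:
    """Outer IPv4 (proto 4) wrapping an inner IPv4 header, mirroring the patch.

    Like the patch, the inner header claims TCP but carries only `payload`
    (empty by default); what matters to the receiver is that the inner
    IP header itself parses.
    """
    inner = build_ipv4(src, dst, IPPROTO_TCP, payload, ttl, ipid)
    return build_ipv4(src, dst, IPPROTO_IPIP, inner, ttl, ipid)


def parse_ipv4(data: bytes):
    """Return header fields and payload, or None if not a valid IPv4 header."""
    if len(data) < 20:
        return None
    (vihl, _tos, total_len, ipid, _frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    if vihl >> 4 != 4:
        return None
    ihl = (vihl & 0x0F) * 4
    if ihl < 20 or len(data) < ihl:
        return None
    if total_len < ihl or total_len > len(data):
        return None
    if ipv4_checksum(data[:ihl]) != 0:       # checksum must verify to zero
        return None
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "proto": proto, "ttl": ttl, "ipid": ipid,
        "payload": data[ihl:total_len],
    }


def classify_proto4(data: bytes) -> str:
    """Classify a datagram the way a receiver of protocol 4 would see it."""
    outer = parse_ipv4(data)
    if outer is None:
        return "not-ipv4"
    if outer["proto"] != IPPROTO_IPIP:
        return "not-ipip"
    inner = parse_ipv4(outer["payload"])
    if inner is None:
        return "ipip-without-valid-inner"   # what the pre-patch probe looked like
    return "ipip-valid-inner"               # what the patched probe looks like


if __name__ == "__main__":
    # Constructed sample addresses; nothing is sent on the wire.
    new_style = build_ipip_probe("10.0.0.1", "10.0.0.2", ipid=0x1234)
    old_style = build_ipv4("10.0.0.1", "10.0.0.2", IPPROTO_IPIP, b"")
    print(len(new_style), classify_proto4(new_style))
    print(len(old_style), classify_proto4(old_style))
```

The two classifications are the practical difference the log entry describes: a host that validates the encapsulated header before responding has nothing to answer in the old case, whereas the new probe gives it a parsable inner datagram. The same parser doubles as a sanity check on any protocol-4 traffic a sensor records.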