Nmap Development mailing list archives
[PATCHed] Fix IPProto Scan on localhost with --data-length >=8
From: Kris Katterjohn <katterjohn () gmail com>
Date: Sat, 27 Jan 2007 20:30:51 -0600
The attached patch (/nmap SVN r4405) fixes the IPProto Scan when scanning localhost and using --data-length to add at least 8 bytes of data. The SVN log explains:

------------------------------------------------------------------------
r4405 | kris | 2007-01-27 20:25:27 -0600 (Sat, 27 Jan 2007) | 1 line

Fixed IPProto Scan on localhost when using --data-length to add at least 8 bytes of data. There is a check to see if the packet is at least 28 bytes long (IP header and 8 bytes of data), and if it's at least that big it's considered good. So if the protocol matches, it's considered open. The problem was we didn't check for our own probes, so if we scan localhost with --data-length >=8, everything was labeled open.
------------------------------------------------------------------------

If anybody can test this further, that'd be awesome.

Thanks,
Kris Katterjohn
Index: scan_engine.cc =================================================================== --- scan_engine.cc (revision 4404) +++ scan_engine.cc (revision 4405) @@ -2885,8 +2885,13 @@ probe = *probeI; if (probe->protocol() == ip->ip_p) { - /* We got a packet from the dst host in the protocol we looked for, so it - must be open */ + /* if this is our probe we sent to localhost, then it doesn't count! */ + if (ip->ip_src.s_addr == ip->ip_dst.s_addr && + probe->ipid() == ntohs(ip->ip_id)) + continue; + + /* We got a packet from the dst host in the protocol we looked for, and + it wasn't our probe to ourselves, so it must be open */ newstate = PORT_OPEN; goodone = true; }
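Review bot: the new self-probe test in the `if (probe->protocol() == ip->ip_p)` block relies on a single 16-bit field, `probe->ipid() == ntohs(ip->ip_id)`, to tell our own loopback probe apart from a genuine reply; a real response from localhost that happens to carry the same IP ID would be silently dropped by the `continue`, so it is worth stating in the comment that a collision yields a missed open protocol (a false negative) rather than the false positive this patch fixes, which is the intended trade-off. The `ip->ip_src.s_addr == ip->ip_dst.s_addr` guard keeps the check confined to self-scans, which is good; consider noting in the comment that `ntohs()` is needed because `ip_id` is read straight from the wire while `probe->ipid()` is stored in host order, so the comparison is not accidentally reversed by a future edit.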
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org