Nmap Development mailing list archives

Re: [nmap-svn] r8541 - nmap


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 1 Jul 2008 00:44:49 +0000

On Mon, 30 Jun 2008 16:55:19 -0700
Kris Katterjohn <katterjohn () gmail com> committed:

Author: kris
Date: Mon Jun 30 16:55:19 2008
New Revision: 8541

Modified:
   nmap/idle_scan.cc
   nmap/osscan2.cc
   nmap/scan_engine.cc
   nmap/tcpip.cc
   nmap/tcpip.h
   nmap/traceroute.cc

Log:
Adding packet validity checking to readip_pcap() so the caller can
assume the packet is OK from the get-go rather than running basic
checks of its own.

...snip...

This seems to work great after doing what testing I could.  It's been
out on nmap-dev for a couple of weeks without any bad reports (none
at all for that matter).  I reviewed this patch again before
committing and it looks good as well.


I actually tested this quite a bit but never got a chance to post my
results.  I scanned ~50k hosts on campus on all 64k ports.  I also
scanned all our IPs on about a dozen ports.  I also randomly scanned
200M Internet hosts on a handful of ports before Time Warner threatened
to turn me off.

The results:

* Nmap never crashed
* The only errors I triggered were packets with unknown/bad IP options
* I couldn't get any really bad packets back

It seems that most routers won't forward really screwed up IP packets
and since the local router constructs the data-link header most
problems can only show up on the local segment.

I figure someone could set up a local host that deliberately screws up
outgoing frames but overall, I think the patch looks good enough we
don't need to do that kind of testing.

Brandon

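The kind of up-front validation the commit describes (reject a captured packet once, before any caller reads its header, and flag unknown or malformed IP options), as an added example that is not Nmap's readip_pcap() code. It is IPv4-only, treats a capture shorter than the IP total length as bad, and assumes the RFC 791 option types listed in the code are the ones worth accepting; the sample headers are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Nmap's readip_pcap(): check a captured IPv4 packet once
 * so later code can trust the header fields. Returns IPCHK_OK or a reason. */
enum { IPCHK_OK = 0, IPCHK_SHORT = -1, IPCHK_VERSION = -2, IPCHK_IHL = -3,
       IPCHK_TOTLEN = -4, IPCHK_BAD_OPTION = -5, IPCHK_UNKNOWN_OPTION = -6 };

/* Option types from RFC 791 and later RFCs (RR, TS, Security, LSRR, SID,
 * SSRR, Router Alert); assumed to be the set worth accepting here. */
static int known_option(uint8_t type) {
    static const uint8_t known[] = { 7, 68, 130, 131, 136, 137, 148 };
    for (size_t i = 0; i < sizeof known; i++) if (known[i] == type) return 1;
    return 0;
}

int validate_ipv4(const uint8_t *pkt, size_t caplen) {
    if (caplen < 20) return IPCHK_SHORT;              /* shorter than a header */
    if ((pkt[0] >> 4) != 4) return IPCHK_VERSION;     /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > caplen) return IPCHK_IHL;   /* header length out of range */
    size_t totlen = ((size_t)pkt[2] << 8) | pkt[3];
    /* Truncated captures are rejected as well (a conservative choice). */
    if (totlen < ihl || totlen > caplen) return IPCHK_TOTLEN;
    /* Options: EOL and NOP are one byte, everything else is TLV with len >= 2. */
    for (size_t off = 20; off < ihl; ) {
        uint8_t type = pkt[off];
        if (type == 0) break;                         /* End of Option List */
        if (type == 1) { off++; continue; }           /* No Operation */
        if (!known_option(type)) return IPCHK_UNKNOWN_OPTION;
        if (off + 1 >= ihl) return IPCHK_BAD_OPTION;  /* no room for a length byte */
        uint8_t len = pkt[off + 1];
        if (len < 2 || off + len > ihl) return IPCHK_BAD_OPTION; /* runs past header */
        off += len;
    }
    return IPCHK_OK;
}

/* Constructed sample headers (checksum and addresses left zero). */
const uint8_t pkt_plain[20]   = { 0x45, 0, 0, 20 };
const uint8_t pkt_rr_ok[24]   = { 0x46, 0, 0, 24, [20] = 1, 7, 3, 4 };    /* NOP + RR */
const uint8_t pkt_rr_bad[24]  = { 0x46, 0, 0, 24, [20] = 7, 1, 0, 0 };    /* RR len 1 */
const uint8_t pkt_unknown[24] = { 0x46, 0, 0, 24, [20] = 0x5a, 4, 0, 0 }; /* type 90 */
int main(void) {
    printf("%d %d %d %d\n", validate_ipv4(pkt_plain, 20), validate_ipv4(pkt_rr_ok, 24),
           validate_ipv4(pkt_rr_bad, 24), validate_ipv4(pkt_unknown, 24));
    return 0;
}
```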

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

