Nmap Development mailing list archives

Re: Bad IP-checksums


From: "Michael Pattrick" <mpattrick () rhinovirus org>
Date: Fri, 15 Aug 2008 18:38:38 -0400

On Fri, Aug 15, 2008 at 4:07 PM, Fyodor <fyodor () insecure org> wrote:
> On Fri, Aug 15, 2008 at 03:11:02PM +0200, Gisle Vanem wrote:
>>
>> After some digging, I found two places where 'ip->ip_sum'
>> wasn't cleared before calculating the sum. I believe the omission
>> in osscan2.cc was causing me trouble. A patch against today's
>> svn:
>
> Did this actually fix the problem for you?  For osscan2.cc, it looks
> at first glance like ip_sum should already be zero because of line
> 3064:
>
>    memset((char *) packet, 0, sizeof(struct ip) + sizeof(struct udp_hdr));

This fixed the problem for me. After debugging a bit, I noticed that
the IP checksum is set after:

realcheck = magic_tcpudp_cksum(source, victim, IPPROTO_UDP,
                                   sizeof(struct udp_hdr) + datalen, (char *) udp);

The actual checksum value seems to change at line 1052 of tcpip.cc,
but I'm not sure why.

Hope this helps,
Michael

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
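
The failure mode discussed in this thread, as an added example that is not Nmap's code and not part of the original message: an RFC 1071 checksum computed over a header whose checksum field still holds a stale value fails the receiver's check, while clearing the field first gives a valid header. The names `in_cksum`, `fill_ip_sum`, `ip_sum_ok`, `demo_sum` and `pkt`, the sample header bytes and the stale value 0x1234 are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 20-byte IPv4 header (protocol UDP),
 * 192.168.0.1 -> 192.168.0.199, checksum field (bytes 10-11) zero. */
static const uint8_t SAMPLE_HDR[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0x00, 0x00, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7
};
static uint8_t pkt[20]; /* scratch header the demo works on */

/* RFC 1071 one's-complement checksum over len bytes (big-endian words). */
static uint16_t in_cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Fill the checksum field; clear_first = 0 reproduces the omission. */
static uint16_t fill_ip_sum(uint8_t *hdr, size_t hlen, int clear_first) {
    if (clear_first)
        hdr[10] = hdr[11] = 0;
    uint16_t sum = in_cksum(hdr, hlen);
    hdr[10] = (uint8_t)(sum >> 8);
    hdr[11] = (uint8_t)(sum & 0xff);
    return sum;
}

/* Receiver's check: a valid header, checksum included, sums to zero. */
static int ip_sum_ok(const uint8_t *hdr, size_t hlen) {
    return in_cksum(hdr, hlen) == 0;
}

/* Load the sample with `stale` in the checksum field, then fill it. */
static uint16_t demo_sum(uint16_t stale, int clear_first) {
    memcpy(pkt, SAMPLE_HDR, sizeof pkt);
    pkt[10] = (uint8_t)(stale >> 8);
    pkt[11] = (uint8_t)(stale & 0xff);
    return fill_ip_sum(pkt, sizeof pkt, clear_first);
}

int main(void) {
    uint16_t a = demo_sum(0x1234, 1); int ok_a = ip_sum_ok(pkt, sizeof pkt);
    uint16_t b = demo_sum(0x1234, 0); int ok_b = ip_sum_ok(pkt, sizeof pkt);
    printf("cleared: %04x ok=%d\nstale:   %04x ok=%d\n", a, ok_a, b, ok_b);
    return 0;
}
```

When the buffer has just been zeroed, as with the memset quoted above, skipping the clear is harmless because the field already holds zero.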

