Nmap Development mailing list archives
bugfix : wrong IPIDs generation algorithm
From: Guillaume PRIGENT <guillaume.prigent () diateam net>
Date: Thu, 26 Mar 2009 12:58:09 +0100
Hi,

While working on a tool called IpMorph (its purpose is to fool all active and passive OSFP tools) I noticed Nmap didn't always properly analyse the IPIDs generation algorithm. Notably, in the array of IPIDs Nmap gathers, the second one was sometimes replaced by the last one, resulting in a difference way over 1 between the first two IPIDs, thus resulting in Nmap concluding the IPIDs were generated in an unknown manner instead of incrementally.

I noticed in osscan2.cc what looks like a copy-paste error, so I fixed that, and now all works fine. You will find the patch attached.

Sincerely,
Guillaume PRIGENT

--
Guillaume PRIGENT - http://minos.diateam.net
Technical Management - DIATEAM: Information Architects
Phone: +33 (0)298 050 050
Fax: +33 (0)2 98 050 051
GSM: +33 (0)685 172 042
--
"If we prioritise security over liberty, we risk losing both" B.Franklin
Index: osscan2.cc =================================================================== --- osscan2.cc (révision 12685) +++ osscan2.cc (copie de travail) @@ -1826,7 +1826,7 @@ void HostOsScan::makeTSeqFP(HostOsScanStats *hss) if (hss->ipid.tcp_closed_ipids[i] != -1) { if (good_tcp_closed_ipid_num < i) { - hss->ipid.tcp_ipids[good_tcp_closed_ipid_num] = hss->ipid.tcp_closed_ipids[i]; + hss->ipid.tcp_closed_ipids[good_tcp_closed_ipid_num] = hss->ipid.tcp_closed_ipids[i]; } good_tcp_closed_ipid_num++; }
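Review bot: The corrected line now writes the compacted element back into `hss->ipid.tcp_closed_ipids` instead of `hss->ipid.tcp_ipids`, which is what the surrounding loop intends: it is guarded by `hss->ipid.tcp_closed_ipids[i] != -1` and `good_tcp_closed_ipid_num < i`, i.e. an in-place compaction of the closed-port IPID samples that skips the -1 entries. Before the fix the closed-port array was left uncompacted (stale -1 entries within the first `good_tcp_closed_ipid_num` slots) while the sibling `tcp_ipids` array was silently overwritten with closed-port values, which is exactly the "second entry replaced" symptom described in the message. Since the bug is a copy-paste slip between two near-identical compaction loops, consider factoring the compaction into one small helper that takes the array and a count reference, and add a one-line comment stating that -1 marks a probe with no reply, so the next reader knows why adjacent entries only become comparable after compaction.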
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
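To make the failure mode in the message concrete, here is an added, self-contained C++ example that is not Nmap's code and not part of the original post. It models the two compaction loops with constructed sample arrays (six probes, -1 meaning "no reply") and a deliberately simplified classifier that labels a sequence "I" only when every consecutive 16-bit difference is exactly 1, which is an assumption for illustration and not Nmap's real TI/CI test. The names `compact_ipids`, `compact_ipids_buggy`, `classify_ipids` and `run_scenario` are hypothetical.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Correct in-place compaction (mirrors the post-patch loop shape):
// move every sample that is not -1 down to the next free slot and
// return how many usable samples remain.
int compact_ipids(std::vector<int>& ipids) {
    int good = 0;
    for (size_t i = 0; i < ipids.size(); i++) {
        if (ipids[i] != -1) {
            if (good < (int)i) ipids[good] = ipids[i];
            good++;
        }
    }
    return good;
}

// Buggy mirror of the pre-patch loop: the count is computed for `ipids`,
// but the compacted values are written into `other`, so `ipids` keeps its
// -1 holes and `other` gets foreign samples spliced into its middle.
int compact_ipids_buggy(std::vector<int>& ipids, std::vector<int>& other) {
    int good = 0;
    for (size_t i = 0; i < ipids.size(); i++) {
        if (ipids[i] != -1) {
            if (good < (int)i) other[good] = ipids[i];
            good++;
        }
    }
    return good;
}

// Simplified, hypothetical classifier (assumption, not Nmap's algorithm):
// "I" (incremental) if every consecutive difference, taken modulo 2^16
// because IPID is a 16-bit field, is exactly 1; otherwise "unknown".
std::string classify_ipids(const std::vector<int>& ipids, int count) {
    if (count < 2) return "unknown";
    for (int k = 1; k < count; k++) {
        int diff = (ipids[k] - ipids[k - 1]) & 0xFFFF;
        if (diff != 1) return "unknown";
    }
    return "I";
}

// Runs the constructed scenario from the message: the second closed-port
// probe got no reply. Returns the classification of the closed-port array.
std::string run_scenario(bool fixed) {
    // Constructed samples: closed-port replies 100..104 with one gap,
    // open-port replies 500..505 (an unrelated, complete sequence).
    std::vector<int> closed = {100, -1, 101, 102, 103, 104};
    std::vector<int> open   = {500, 501, 502, 503, 504, 505};
    int n = fixed ? compact_ipids(closed) : compact_ipids_buggy(closed, open);
    return classify_ipids(closed, n);
}

int main() {
    std::printf("buggy compaction -> %s\n", run_scenario(false).c_str());
    std::printf("fixed compaction -> %s\n", run_scenario(true).c_str());
    return 0;
}
```

With the buggy loop the closed-port array still holds -1 at index 1, so the first difference is 65435 rather than 1 and the sequence is reported as unknown; at the same time the open-port array has had 101..104 written over its second to fifth entries, so it too stops looking incremental. After the fix the closed-port samples compact to 100..104 and classify as incremental.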
Current thread:
- bugfix : wrong IPIDs generation algorithm Guillaume PRIGENT (Mar 26)
- Re: bugfix : wrong IPIDs generation algorithm David Fifield (Mar 26)
- Re: bugfix : wrong IPIDs generation algorithm Thierry Zoller (Mar 26)