Nmap Development mailing list archives
Re: [nmap-svn] r21941 - nmap/todo
From: David <david () bamsoftware com>
Date: Mon, 24 Jan 2011 16:16:37 -0800
On Mon, Jan 24, 2011 at 05:35:24PM +0100, Luis MartinGarcia. wrote:
> On 01/22/2011 05:58 PM, David wrote:
> > On Sat, Jan 22, 2011 at 01:16:17PM +0100, Luis MartinGarcia wrote:
> > > On Fri, Jan 21, 2011 at 10:58 PM, <commit-mailer () insecure org> wrote:
> > > > Author: david
> > > > Date: Fri Jan 21 13:58:55 2011
> > > > New Revision: 21941
> > > >
> > > > Log:
> > > > TODO: o [Nping] See whether --echo-client mode really requires root,
> > > > and remove that restriction if not.
> > >
> > > Hi David,
> > >
> > > Nping does need root access for echo mode (for both client and server
> > > roles). This is because the protocol requires the client to provide the
> > > server with details about the packets that are going to be transmitted.
> > > When Nping is run in unprivileged mode, most of that information cannot
> > > be accessed as it is the OS who crafts network layer and transport layer
> > > headers.
> > >
> > > If you need a more elaborate answer, please let me know.
> >
> > What kind of information? What is the client unable to provide with, for
> > example,
> >
> >     nping --echo-client "public" --tcp-connect server
> >
> > What phase of the connection does it send this information in?
>
> So, why does the echo client require root access? Because it needs to
> know the IP IDs, window sizes, seq and ack numbers, etc. Otherwise, the
> server would not have enough information for the packet matching
> engine. It is true that we could relax these constraints but I don't
> think it's worth it, as it would reduce the security of the system and
> limit the server's multi-user capabilities.

Okay, that's a good explanation. I hadn't understood the
matching/scoring system.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/