Re: [nmap-svn] r21941 - nmap/todo

[David <david () bamsoftware com>]

On Mon, Jan 24, 2011 at 05:35:24PM +0100, Luis MartinGarcia. wrote:
> On 01/22/2011 05:58 PM, David wrote:
> > On Sat, Jan 22, 2011 at 01:16:17PM +0100, Luis MartinGarcia wrote:
> > > On Fri, Jan 21, 2011 at 10:58 PM,  <commit-mailer () insecure org> wrote:
> > > > Author: david
> > > > Date: Fri Jan 21 13:58:55 2011
> > > > New Revision: 21941
> > > >
> > > > Log:
> > > > TODO:
> > > > o [Nping] See whether --echo-client mode really requires root, and
> > > >  remove that restriction if not.
> > > Hi David,
> > >
> > > Nping does need root access for echo mode (for both client and server
> > > roles). This is because the protocol requires the client to provide
> > > the server with details about the packets that are going to be
> > > transmitted. When Nping is run in unprivileged mode, most of that
> > > information cannot be accessed as it is the OS who crafts network
> > > layer and transport layer headers.
> > >
> > > If you need a more elaborate answer, please let me know.
> > What kind of information? What is the client unable to provide with, for
> > example,
> >     nping --echo-client "public" --tcp-connect server
> > What phase of the connection does it send this information in?
>
> So, why does the echo client require root access? Because it needs to
> know the IP IDs, windows sizes, seq and ack numbers, etc. Otherwise, the
> server would not have enough information for the the packet matching
> engine. It is true that we could relax these constraints but I don't
> think its worth it, as it would reduce the security of the system and
> limit the server's multi-user capabilities.

Okay, that's a good explanation. I hadn't understood the
matching/scoring system.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/