Nmap Development mailing list archives
Re: Report Bug: IPID_SEQ_RD
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 15 Mar 2014 07:37:01 -0500
Lior,

Thanks for this great bug report. I confirmed the behavior: that every host was being reported as having an IPID sequence of all-zeros. I patched osscan2.cc in r32783, which should fix the problem:

    Fix IPID sequence detection in the case of Random

    Reported by Lior Levinsky. As part of r32469, which added IPv6 IPID sequence detection, the logic to detect all-zero IPID sequences was split. get_diffs was returning IPID_SEQ_UNKNOWN, IPID_SEQ_RD, or 1 for all-zeros, but the get_ipid_sequence_* functions were treating every non-zero return value as indicating all-zeros, which meant that IPID sequence detection was broken.

Please let us know if you run into any more problems!

Dan

On Fri, Mar 14, 2014 at 6:51 AM, Lior Levinsky <levinskylior () googlemail com> wrote:
The function get_diffs returns normally whether all of the IP IDs were zero (0 - one or more ip->ip_id != 0 / 1 - all of the ip->ip_id == 0), but there are 2 special cases:

1. If numSamples < 2 then return IPID_SEQ_UNKNOWN (0)
2. If numSamples > 2 && one of the diffs > 20000 then return IPID_SEQ_RD (4)

And this return value of get_diffs (allipideqz) is used in the functions get_ipid_sequence_32 / get_ipid_sequence_16 as a parameter to the function identify_sequence. And this function identify_sequence, if allipideqz != 0, returns IPID_SEQ_ZERO.

This means (if I don't miss something) that in case get_diffs returns IPID_SEQ_RD we will define the class as IPID_SEQ_ZERO and not IPID_SEQ_RD.

About IPID_SEQ_UNKNOWN, that is zero, and also the value zero means one of the ip_ids is not zero; I am not sure of the full meaning.

Am I missing something?

Here is a cut&paste of the code:

    int get_diffs(u32 *ipid_diffs, int numSamples, u32 *ipids, int islocalhost) {
      int i;
      int allipideqz = 1;

      if (numSamples < 2)
        return IPID_SEQ_UNKNOWN;

      for (i = 1; i < numSamples; i++) {
        if (ipids[i - 1] != 0 || ipids[i] != 0)
          allipideqz = 0; /* All IP.ID values do *NOT* equal zero */

        ipid_diffs[i - 1] = ipids[i] - ipids[i - 1];

        /* Random */
        if (numSamples > 2 && ipid_diffs[i - 1] > 20000)
          return IPID_SEQ_RD;
      }

      return allipideqz;
    }

    /* Identify the ipid sequence for 32-bit IPID values (IPv6) */
    int get_ipid_sequence_32(int numSamples, u32 *ipids, int islocalhost) {
      int allipideqz = 1;
      u32 ipid_diffs[32];

      assert(numSamples < (int) (sizeof(ipid_diffs) / 2));

      allipideqz = get_diffs(ipid_diffs, numSamples, ipids, islocalhost);

      return identify_sequence(numSamples, ipid_diffs, islocalhost, allipideqz);
    }

    /* Identify the ipid sequence for 16-bit IPID values (IPv4) */
    int get_ipid_sequence_16(int numSamples, u32 *ipids, int islocalhost) {
      int i;
      int allipideqz = 1;
      u32 ipid_diffs[32];

      assert(numSamples < (int) (sizeof(ipid_diffs) / 2));

      allipideqz = get_diffs(ipid_diffs, numSamples, ipids, islocalhost);

      /* AND with 0xffff so that in case the 16 bit counter was
       * flipped over we still have a continuous sequence */
      for (i = 0; i < numSamples; i++) {
        ipid_diffs[i] = ipid_diffs[i] & 0xffff;
      }

      return identify_sequence(numSamples, ipid_diffs, islocalhost, allipideqz);
    }

    int identify_sequence(int numSamples, u32 *ipid_diffs, int islocalhost, int allipideqz) {
      int i, j, k, l;

      /* ZERO */
      if (allipideqz)
        return IPID_SEQ_ZERO;

      ....
    }

--
Best Regards,
Lior Levinsky - Software & Consulting Services
Mobile : +972-50-7370190
email : levinskylior () gmail com
Address : P.O. 647 Rishon-Letzion , Israel 75106

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
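The bug described in the thread, as an added, self-contained example (this is not Nmap's code and not the r32783 patch): the posted shape of get_diffs() folds the all-zero flag and the early IPID_SEQ_RD / IPID_SEQ_UNKNOWN verdicts into one int, so the caller's "non-zero means all zeros" check turns a random sequence into IPID_SEQ_ZERO and cannot tell IPID_SEQ_UNKNOWN (0) from "not all zeros" (0). The fixed variant here returns the early verdict separately from the flag. The values IPID_SEQ_UNKNOWN = 0 and IPID_SEQ_RD = 4 come from the thread; IPID_SEQ_ZERO = 6 and the IPID_SEQ_NEEDS_ANALYSIS sentinel are assumptions for this example, the 16-bit masking step is omitted, and the three IPID sample sets are constructed, not captured from real hosts.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t u32;

/* IPID_SEQ_UNKNOWN (0) and IPID_SEQ_RD (4) are the values named in the thread.
 * IPID_SEQ_ZERO's value and IPID_SEQ_NEEDS_ANALYSIS are assumed for this
 * example only; they are not copied from osscan2.h. */
enum {
    IPID_SEQ_NEEDS_ANALYSIS = -1, /* example-only: no early verdict yet */
    IPID_SEQ_UNKNOWN = 0,
    IPID_SEQ_RD = 4,
    IPID_SEQ_ZERO = 6             /* assumed value */
};

/* Buggy shape, as posted: one int carries both the all-zero flag (1) and the
 * early classification (0 or 4), so the caller cannot tell them apart. */
static int get_diffs_buggy(u32 *ipid_diffs, int numSamples, const u32 *ipids)
{
    int allipideqz = 1;

    if (numSamples < 2)
        return IPID_SEQ_UNKNOWN;

    for (int i = 1; i < numSamples; i++) {
        if (ipids[i - 1] != 0 || ipids[i] != 0)
            allipideqz = 0;
        ipid_diffs[i - 1] = ipids[i] - ipids[i - 1];
        if (numSamples > 2 && ipid_diffs[i - 1] > 20000)
            return IPID_SEQ_RD;
    }
    return allipideqz;
}

/* Mirrors the first check of identify_sequence(): any non-zero flag => ZERO. */
static int classify_buggy(int numSamples, const u32 *ipids)
{
    u32 ipid_diffs[32];
    assert(numSamples <= 32);
    int allipideqz = get_diffs_buggy(ipid_diffs, numSamples, ipids);

    if (allipideqz)
        return IPID_SEQ_ZERO;
    return IPID_SEQ_NEEDS_ANALYSIS;
}

/* Fixed shape (this example's own fix): the early verdict is the return value
 * and the all-zero flag is passed back through an out-parameter. */
static int get_diffs_fixed(u32 *ipid_diffs, int numSamples, const u32 *ipids,
                           int *allipideqz)
{
    *allipideqz = 1;

    if (numSamples < 2)
        return IPID_SEQ_UNKNOWN;

    for (int i = 1; i < numSamples; i++) {
        if (ipids[i - 1] != 0 || ipids[i] != 0)
            *allipideqz = 0;
        ipid_diffs[i - 1] = ipids[i] - ipids[i - 1];
        if (numSamples > 2 && ipid_diffs[i - 1] > 20000)
            return IPID_SEQ_RD;
    }
    return IPID_SEQ_NEEDS_ANALYSIS;
}

static int classify_fixed(int numSamples, const u32 *ipids)
{
    u32 ipid_diffs[32];
    int allipideqz;
    assert(numSamples <= 32);
    int verdict = get_diffs_fixed(ipid_diffs, numSamples, ipids, &allipideqz);

    if (verdict != IPID_SEQ_NEEDS_ANALYSIS)
        return verdict;             /* UNKNOWN or RD was decided early */
    if (allipideqz)
        return IPID_SEQ_ZERO;
    return IPID_SEQ_NEEDS_ANALYSIS; /* would continue into identify_sequence() */
}

/* Constructed sample IPID sequences (not captured from a real host). */
static const u32 SAMPLE_ZERO[]   = { 0, 0, 0, 0, 0, 0 };
static const u32 SAMPLE_RANDOM[] = { 12, 40000, 7, 33000, 60000, 21 };
static const u32 SAMPLE_INCR[]   = { 100, 101, 102, 103, 104, 105 };
#define NSAMPLES 6

int main(void)
{
    printf("all-zero : buggy=%d fixed=%d\n",
           classify_buggy(NSAMPLES, SAMPLE_ZERO), classify_fixed(NSAMPLES, SAMPLE_ZERO));
    printf("random   : buggy=%d fixed=%d\n",
           classify_buggy(NSAMPLES, SAMPLE_RANDOM), classify_fixed(NSAMPLES, SAMPLE_RANDOM));
    printf("incr     : buggy=%d fixed=%d\n",
           classify_buggy(NSAMPLES, SAMPLE_INCR), classify_fixed(NSAMPLES, SAMPLE_INCR));
    printf("1 sample : buggy=%d fixed=%d\n",
           classify_buggy(1, SAMPLE_INCR), classify_fixed(1, SAMPLE_INCR));
    return 0;
}
```

With the random sample the first diff (40000 - 12) exceeds 20000, so the buggy path returns 4 and the caller misreads it as "all zeros"; the fixed path reports IPID_SEQ_RD. The single-sample case shows Lior's second point: the buggy path returns IPID_SEQ_UNKNOWN (0), which the caller cannot distinguish from "not all zeros".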
Current thread:
- Report Bug: IPID_SEQ_RD Lior Levinsky (Mar 15)
- Re: Report Bug: IPID_SEQ_RD Daniel Miller (Mar 15)