Nmap Development mailing list archives
OS fingerprinting bug
From: William Robertson <wkr () cs ucsb edu>
Date: Thu, 25 Apr 2002 18:53:51 -0700
Apologies if this is a repeat, but I don't think my previous mail made it to the list.

Anyway, I believe I've found a bug in the OS fingerprinting routine in nmap. Specifically, if you're scanning a machine which responds to all of the tests (T1-T7 and PU), nmap will drop a response (usually the ICMP port unreachable datagram). This happens because testsleft is set to 7 if an open port was found, and the routine breaks out of the receive loop when testsleft == 0. However, since there are 8 tests, if a machine responds to all of them, the last response received is picked up in the TCP sequencing receive loop instead.

The attached patch is against nmap 2.54BETA32.

--
| William Robertson | "10000101110110111000010110000110" -- /dev/random |
| wkr () cs ucsb edu | 2F56 8B0E E97E 3136 C4B6 6B89 4088 75B8 90A3 BED4 |
Attachment:
nmap-2.54BETA32-testsleft.diff
Description:
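The attached patch is not reproduced in the archive, so the following is an added, constructed model of the off-by-one the mail describes; it is not nmap's source and the function and type names (reply_queue, fingerprint_recv_loop, seq_recv_loop, stray_replies) are assumptions made for illustration. It models two consecutive receive loops sharing one socket buffer: the fingerprint loop stops when its testsleft counter reaches 0, and whatever is still buffered is then consumed by the later sequencing loop. Running a host that answers all 8 tests (T1-T7 plus PU) with testsleft starting at 7 leaves exactly one reply stranded for the wrong loop, while a host answering only 7 tests, or a counter that starts at 8, leaves none.

```c
#include <stdio.h>

/* Constructed model of a socket buffer holding one reply per OS test. */
typedef struct {
    int pending;   /* replies not yet read from the buffer */
} reply_queue;

/* Model of the fingerprint receive loop (assumed name, not nmap's code):
   reads one reply per iteration and breaks out as soon as testsleft
   reaches 0, regardless of whether more replies are buffered.
   Returns the number of replies it consumed. */
static int fingerprint_recv_loop(reply_queue *q, int testsleft)
{
    int consumed = 0;
    while (q->pending > 0) {
        q->pending--;
        consumed++;
        if (--testsleft == 0)
            break;        /* stops here even if the buffer is not empty */
    }
    return consumed;
}

/* Model of the later TCP sequencing receive loop (assumed name): it
   drains whatever the fingerprint loop left behind. Returns how many
   stray fingerprint replies it picked up by mistake. */
static int seq_recv_loop(reply_queue *q)
{
    int stray = q->pending;
    q->pending = 0;
    return stray;
}

/* Simulates a host that answers `answered` of the tests, with the
   fingerprint loop's counter initialised to `initial_testsleft`.
   Returns the number of fingerprint replies misdelivered to the
   sequencing loop (0 means every reply reached the right loop). */
int stray_replies(int answered, int initial_testsleft)
{
    reply_queue q = { answered };
    fingerprint_recv_loop(&q, initial_testsleft);
    return seq_recv_loop(&q);
}

int main(void)
{
    /* 8 tests answered, counter starts at 7: the PU reply is stranded. */
    printf("answered=8 testsleft=7 -> %d stray\n", stray_replies(8, 7));
    /* Only 7 tests answered: the bug does not surface. */
    printf("answered=7 testsleft=7 -> %d stray\n", stray_replies(7, 7));
    /* Counter initialised to the real test count: nothing is stranded. */
    printf("answered=8 testsleft=8 -> %d stray\n", stray_replies(8, 8));
    return 0;
}
```

The model keeps only the control flow that matters: a counter that is decremented per reply and a break on zero. Any loop written that way silently relies on the counter's initial value matching the number of probes actually sent, which is why the bug only shows up against hosts that answer every probe.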
--------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- OS fingerprinting bug William Robertson (Apr 25)
- Re: OS fingerprinting bug Fyodor (Apr 26)