Nmap Development mailing list archives

Re: patch: force sport=udp/500 when dport=udp/500 (fwd)


From: Brett Eldridge <beldridg () pobox com>
Date: Sun, 5 May 2002 07:36:10 -0700 (PDT)

hi,

fyodor recommended i post this message here instead of nmap-hackers (my
original message is below and then a copy of fyodor's mail follows with
some comments about the patch itself).

- brett


---------- Original message --------

most isakmpd implementations use a sport=udp/500 for IKE. this patch
forces that behavior instead of using an ephemeral udp port.

the RFCs are pretty unclear as to whether the initiator must use a source
port of udp/500 but i've never witnessed a system that didn't use it by
default.

thoughts? outcries?

- brett


--- nmap-2.54BETA33/tcpip.c     Sat Apr 20 17:20:09 2002
+++ nmap-2.54BETA33-mod/tcpip.c Fri May  3 14:40:53 2002
@@ -541,6 +541,12 @@
 udp->uh_dport = htons(dport);
 udp->uh_ulen = htons(8 + datalen);

+/* RFC 2408 implies udp sport of 500, but isn't totally clear. Most
+   daemons use sport==500. IKEv2 will change this for NAT support */
+if ( dport == 500 ) {
+       udp->uh_sport = udp->uh_dport;
+}
+
  /* We should probably copy the data over too */
 if (data)
   memcpy(packet + sizeof(struct ip) + sizeof(udphdr_bsd), data, datalen);
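Review bot: the override at `udp->uh_sport = udp->uh_dport;` runs unconditionally, so it silently replaces any source port the caller asked for (the `-g` concern raised in the reply below); guard the assignment so it only applies when no explicit source port was supplied, e.g. `if (dport == 500 && !user_chose_sport)` (placeholder name, not an existing nmap variable). The comment concedes RFC 2408 is not clear on this, so it should cite the section it relies on rather than "implies", and the new line is indented with a tab while the surrounding code uses two spaces.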




---------- Forwarded message ----------
Date: Sun, 5 May 2002 03:14:19 -0700
From: Fyodor <fyodor () insecure org>
To: Brett Eldridge <beldridg () pobox com>
Subject: Re: patch: force sport=udp/500 when dport=udp/500

On Fri, May 03, 2002 at 02:46:34PM -0700, Brett Eldridge wrote:
> most isakmpd implementations use a sport=udp/500 for IKE. this patch
> forces that behavior instead of using an ephemeral udp port.

Hi Brett,

why don't you send this same mail to nmap-dev () insecure org instead.

Thanks,
Fyodor

PS: I'm not convinced that the main Nmap distribution should do this
(opens a can of worms, for example, what to do if the user specified a
source port with -g).  But the patch could certainly be useful for some
people.
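To make the behaviour of the patch and the -g objection concrete, here is an added example (not nmap code, not from either poster) that builds a raw UDP header the same way but gives an explicitly requested source port precedence over the dport-500 rule. `user_sport == 0` meaning "no source port requested", `EPHEMERAL_BASE` and the payload bytes are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

/* Minimal UDP header (RFC 768); all fields stored in network byte order. */
struct udp_hdr {
    uint16_t uh_sport;
    uint16_t uh_dport;
    uint16_t uh_ulen;
    uint16_t uh_sum;
};

#define IKE_PORT       500    /* ISAKMP/IKE port, the case the patch special-cases */
#define EPHEMERAL_BASE 40000  /* constructed stand-in for "some ephemeral port" */

/* Source-port precedence: explicit user choice (the -g case) first, then the
 * IKE convention of 500 when dport is 500, otherwise the ephemeral port.
 * user_sport == 0 means the user did not ask for a source port. */
uint16_t choose_udp_sport(uint16_t user_sport, uint16_t dport, uint16_t ephemeral)
{
    if (user_sport != 0)
        return user_sport;
    if (dport == IKE_PORT)
        return IKE_PORT;
    return ephemeral;
}

/* Write an 8-byte UDP header plus payload into buf; returns bytes written,
 * 0 if buf is too small. The checksum is left zero here (it needs the IP
 * pseudo-header, which this example does not build). */
size_t build_udp_packet(unsigned char *buf, size_t buflen, uint16_t user_sport,
                        uint16_t dport, uint16_t ephemeral,
                        const unsigned char *data, size_t datalen)
{
    struct udp_hdr h;
    if (buflen < sizeof h + datalen)
        return 0;
    h.uh_sport = htons(choose_udp_sport(user_sport, dport, ephemeral));
    h.uh_dport = htons(dport);
    h.uh_ulen  = htons((uint16_t)(sizeof h + datalen));
    h.uh_sum   = 0;
    memcpy(buf, &h, sizeof h);
    if (data && datalen)
        memcpy(buf + sizeof h, data, datalen);
    return sizeof h + datalen;
}

/* Build a packet with a constructed 4-byte payload and return the source port
 * that actually landed on the wire (first two header bytes), 0 on failure. */
uint16_t wire_sport(uint16_t user_sport, uint16_t dport)
{
    static const unsigned char payload[4] = {0xde, 0xad, 0xbe, 0xef}; /* constructed */
    unsigned char buf[32];
    if (build_udp_packet(buf, sizeof buf, user_sport, dport, EPHEMERAL_BASE,
                         payload, sizeof payload) == 0)
        return 0;
    return (uint16_t)((buf[0] << 8) | buf[1]);
}
```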





---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).