Nmap Development mailing list archives

v3.70 syn sneaky is a self-tarpit


From: Curtis Doty <Curtis () GreenKey net>
Date: Sun, 05 Sep 2004 21:25:34 -0700

Something's amiss with 'sneaky' timing. More often than not, it will hang indefinitely on one port; constantly SYNing but not moving on.

# tethereal -ntr host 2.2.2.2 & sleep 2 ; NMAPDIR=. ./nmap -nvsS -P0 -p21,80 -Tsneaky 2.2.2.2 ; fg
[1] 7708
Capturing on eth0

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-09-05 21:06 PDT
Initiating SYN Stealth Scan against 2.2.2.2 [2 ports] at 21:06
0.000000 1.1.1.1 -> 2.2.2.2 TCP 46946 > 21 [SYN] Seq=0 Ack=0 Win=3072 Len=0
0.013752 2.2.2.2 -> 1.1.1.1 TCP 21 > 46946 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
SYN Stealth Scan Timing: About 50.00% done; ETC: 21:07 (0:00:30 remaining)
15.000741 1.1.1.1 -> 2.2.2.2 TCP 46959 > 21 [SYN] Seq=0 Ack=0 Win=1024 Len=0
15.010665 2.2.2.2 -> 1.1.1.1 TCP 21 > 46959 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
30.001497 1.1.1.1 -> 2.2.2.2 TCP 46960 > 21 [SYN] Seq=0 Ack=0 Win=2048 Len=0
30.012888 2.2.2.2 -> 1.1.1.1 TCP 21 > 46960 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
45.002253 1.1.1.1 -> 2.2.2.2 TCP 46961 > 21 [SYN] Seq=0 Ack=0 Win=4096 Len=0
45.011504 2.2.2.2 -> 1.1.1.1 TCP 21 > 46961 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
SYN Stealth Scan Timing: About 50.00% done; ETC: 21:09 (0:01:15 remaining)
60.003007 1.1.1.1 -> 2.2.2.2 TCP 46962 > 21 [SYN] Seq=0 Ack=0 Win=1024 Len=0
60.014411 2.2.2.2 -> 1.1.1.1 TCP 21 > 46962 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
caught SIGINT signal, cleaning up
tethereal -ntr host 2.2.2.2
10 packets captured

It would have continued ad nauseam, unless I broke in. This problem does not occur on earlier versions. Nor does it occur with 'polite' or 'normal' timing. This is confirmed on various flavors of Linux--including Shrike and Fedora.

../C
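
One way to quantify the stall from a capture like the one in the post, as an added example that is not part of the original message or of Nmap: it parses the tethereal summary lines, counts SYNs sent to a port after that port had already answered, and reports which requested ports were never probed. The function names and the report layout are assumptions made for this example.

```python
import re
from collections import defaultdict

# Packet lines copied from the tethereal capture in the post above.
CAPTURE = """\
0.000000 1.1.1.1 -> 2.2.2.2 TCP 46946 > 21 [SYN] Seq=0 Ack=0 Win=3072 Len=0
0.013752 2.2.2.2 -> 1.1.1.1 TCP 21 > 46946 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
15.000741 1.1.1.1 -> 2.2.2.2 TCP 46959 > 21 [SYN] Seq=0 Ack=0 Win=1024 Len=0
15.010665 2.2.2.2 -> 1.1.1.1 TCP 21 > 46959 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
30.001497 1.1.1.1 -> 2.2.2.2 TCP 46960 > 21 [SYN] Seq=0 Ack=0 Win=2048 Len=0
30.012888 2.2.2.2 -> 1.1.1.1 TCP 21 > 46960 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
45.002253 1.1.1.1 -> 2.2.2.2 TCP 46961 > 21 [SYN] Seq=0 Ack=0 Win=4096 Len=0
45.011504 2.2.2.2 -> 1.1.1.1 TCP 21 > 46961 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
60.003007 1.1.1.1 -> 2.2.2.2 TCP 46962 > 21 [SYN] Seq=0 Ack=0 Win=1024 Len=0
60.014411 2.2.2.2 -> 1.1.1.1 TCP 21 > 46962 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
"""
LINE = re.compile(r"^\s*(\d+\.\d+)\s+(\S+) -> (\S+) TCP (\d+) > (\d+) \[([^\]]+)\]")

def parse_capture(text):
    """Return (time, src, dst, sport, dport, flags) for each TCP summary line."""
    packets = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # nmap status lines and other non-packet text are skipped
            t, src, dst, sport, dport, flags = m.groups()
            packets.append((float(t), src, dst, int(sport), int(dport),
                            frozenset(f.strip() for f in flags.split(","))))
    return packets

def analyse(packets, scanner, target, requested_ports):
    """Per requested port: SYN count, SYNs sent after a reply, gaps between SYNs."""
    syn_times, redundant = defaultdict(list), defaultdict(int)
    answered = set()  # target ports that already replied with RST or SYN/ACK
    for t, src, dst, sport, dport, flags in packets:
        if src == scanner and dst == target and flags == {"SYN"}:
            if dport in answered:
                redundant[dport] += 1  # port state was already known
            syn_times[dport].append(t)
        elif src == target and dst == scanner and ("RST" in flags or {"SYN", "ACK"} <= flags):
            answered.add(sport)
    report = {}
    for port in requested_ports:
        times = syn_times.get(port, [])
        gaps = [round(b - a, 1) for a, b in zip(times, times[1:])]
        report[port] = {"probes": len(times), "redundant": redundant.get(port, 0), "gaps": gaps}
    return report

if __name__ == "__main__":
    print(analyse(parse_capture(CAPTURE), "1.1.1.1", "2.2.2.2", [21, 80]))
```

On this capture, port 21 shows four probes sent after its first RST, each 15 seconds apart, and port 80 shows none at all.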
