Nmap Development mailing list archives
Re: [updated patch] fragment scan got broken between 3.50 and 3.75
From: Martin Mačok <martin.macok () underground cz>
Date: Sat, 29 Jan 2005 18:14:59 +0100
On Sat, Jan 29, 2005 at 10:24:33AM +0300, Andrey A. Tutolmin wrote:
> I've just tried to use double -f on FreeBSD and got errors:
>
> FreeBSD hosting.host.ru 4.10-RELEASE-p2 FreeBSD 4.10-RELEASE-p2 #1:
>
> root@hosting ~/nlp 555$ /nmapm -sS -f -f -n -q -v -P0 -p T:80,23 --packet_trace ns2
> Starting nmap 3.78 ( http://www.insecure.org/nmap/ ) at 2005-01-29 10:20 MSK
> Initiating SYN Stealth Scan against 194.67.163.238 [2 ports] at 10:20
> sendto in send_ip_packet: sendto(3, packet, 28, 0, 194.67.163.238, 16) => Permission denied
> sendto in send_ip_packet: sendto(3, packet, 28, 0, 194.67.163.238, 16) => Permission denied
> SENT (0.0560s) TCP 213.234.205.2:?? > 194.67.163.238:?? ?? ttl=43 id=43640 iplen=24 frag offset=16 (incomplete)

This is interesting - you don't have permission to send the first two tiny fragments (len=28), but it seems like the last one got through (len=24) ... Could you check with tcpdump -v (or snort -v) what really leaves the box?

> Do you have any idea about this "Permission denied"?

No, is there some limit in FreeBSD raw socket's sendto(2)? Can FreeBSD send tiny fragments (mtu=20+8)? Could you check it with hping2 or some other tool/lib?

I have updated the patch so that it does not try to send the following fragments when one fails.

http://Xtrmntr.org/ORBman/tmp/nmap/nmap-3.78-fragment.patch

Martin Mačok
ICT Security Consultant
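
An added example (not part of the original message or of the Nmap patch) for reading the fragment sizes in the trace above: it builds three constructed fragments with the 28/28/24-byte lengths seen in the thread, decodes the IPv4 fragmentation fields the way a capture tool reports them, and applies the two tiny-fragment filter checks from RFC 1858. The source port, window value and the 20-byte threshold are assumptions of this example.

```python
import socket
import struct

TCP_MIN_HEADER = 20  # assumption of this example: option-less TCP header length

def build_fragment(src, dst, ip_id, offset, more, payload, ttl):
    """Constructed sample data: 20-byte IPv4 header (checksum left 0) + payload."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id,
                         flags_frag, ttl, socket.IPPROTO_TCP, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def sample_fragments(chunk=8):
    """Split a constructed 20-byte TCP SYN header into 8-byte fragments."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return [build_fragment("213.234.205.2", "194.67.163.238", 43640, off,
                           off + chunk < len(tcp), tcp[off:off + chunk], 43)
            for off in range(0, len(tcp), chunk)]

def inspect_fragment(packet):
    """Decode IPv4 fragmentation fields and apply the RFC 1858 checks."""
    ver_ihl, _, total_len, ip_id, flags_frag, ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    offset = (flags_frag & 0x1FFF) * 8      # header field counts 8-byte units
    data_len = total_len - (ver_ihl & 0x0F) * 4
    reasons = []
    if proto == socket.IPPROTO_TCP:
        if offset == 0 and data_len < TCP_MIN_HEADER:
            reasons.append("offset 0 carries less than a full TCP header")
        if offset == 8:
            reasons.append("fragment offset field is 1 (inside TCP header)")
    return {"total_len": total_len, "id": ip_id, "ttl": ttl, "offset": offset,
            "more": bool(flags_frag & 0x2000), "data_len": data_len,
            "tiny": reasons}

if __name__ == "__main__":
    for frag in sample_fragments():
        info = inspect_fragment(frag)
        print("iplen=%(total_len)d id=%(id)d ttl=%(ttl)d frag offset=%(offset)d "
              "MF=%(more)s flagged=%(tiny)s" % info)
```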