Nmap Development mailing list archives

Re: DNS bug in nmap-4.00 on PPC and SPARC


From: Andrew Lutomirski <luto () myrealbox com>
Date: Wed, 1 Feb 2006 16:34:59 -0800

The old code looks doubly-broken -- it wrote the octets high-to-low (should
have been low-to-high), but it also forgot to ntohl the IP address, so it
was reversed again on little-endian machines and thus worked by accident.

This patch compiles, but I haven't tested it at all (and I don't have a
big-endian machine, so I couldn't do a good job of it anyway).

--Andy


On 1/31/06, E. Seth Miller <esmiller () umich edu> wrote:

Greetings-
        I seem to have found a bug with nmap-4.00 when running on PowerPC
and SPARC systems.  The new DNS resolution looks up the reverse of the
correct IP, e.g. nmap 141.213.30.72 gives you the domain name belonging to
72.30.213.141.
        I've tested this on MacOS 10.4.4, MacOS 10.3.9, Solaris 2.8, and
Gentoo Linux PPC (system details appear below) and found this result.  I
also tested it on Gentoo Linux x86 (2.4 and 2.6 kernels), where it works
fine.  I'm guessing it is a problem on all big-endian systems.  (If you
really want, I can dig up a NetBSD/mac68k machine to test on as well.
Yeah, I didn't think so.)
        I don't have a patch for this, and, realistically, I doubt I can
come up with one -- I can't code to save my life.  Hopefully this helps
anyway, and hopefully this hasn't already been reported and I just missed
it.  Let me know if I can do anything else to assist.

        -Seth Miller

Sample run (note that the correct DNS for this IP is
beast.dmc.dc.umich.edu):
[dc-at-3dmac:~] root# /usr/local/bin/nmap -sS 141.213.30.72

Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-01-31 18:57 EST
Interesting ports on dc501007.inktomisearch.com (141.213.30.72):
(The 1671 ports scanned but not shown below are in state: closed)
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:04:AC:CB:61:02 (IBM)

Nmap finished: 1 IP address (1 host up) scanned in 0.964 seconds
[dc-at-3dmac:~] root#

Machine details:

weird-al:willy willy$ gcc --version
powerpc-apple-darwin8-gcc-4.0.0 (GCC) 4.0.0 (Apple Computer, Inc. build 5026)
weird-al:willy willy$ uname -a
Darwin weird-al.local 8.3.0 Darwin Kernel Version 8.3.0: Mon Oct  3 20:04:04 PDT 2005; root:xnu-792.6.22.obj~2/RELEASE_PPC Power Macintosh powerpc
[12" PowerBook 1GHz running MacOS 10.4.4]

[dc-at-3dmac:~] root# gcc --version
powerpc-apple-darwin8-gcc-4.0.1 (GCC) 4.0.1 (Apple Computer, Inc. build 5250)
[dc-at-3dmac:~] root# uname -a
Darwin dc-at-3dmac.dmc.dc.umich.edu 8.4.0 Darwin Kernel Version 8.4.0: Tue Jan  3 18:22:10 PST 2006; root:xnu-792.6.56.obj~1/RELEASE_PPC Power Macintosh powerpc
[PowerMac G4 (Quicksilver 2002 DP) running MacOS 10.4.4]

[TiFighter:~] esmiller% gcc --version
gcc (GCC) 3.3 20030304 (Apple Computer, Inc. build 1671)
[TiFighter:~] esmiller% uname -a
Darwin dhcp4.public.dc.umich.edu 7.9.0 Darwin Kernel Version 7.9.0: Wed Mar 30 20:11:17 PST 2005; root:xnu/xnu-517.12.7.obj~1/RELEASE_PPC  Power Macintosh powerpc
[15" Titanium PowerBook 1GHz running MacOS 10.3.9]

[aerfs:~] esmiller% gcc --version
gcc (GCC) 3.3 20030304 (Apple Computer, Inc. build 1671)
[aerfs:~] esmiller% uname -a
Darwin aerfs.dmc.dc.umich.edu 7.9.0 Darwin Kernel Version 7.9.0: Wed Mar 30 20:11:17 PST 2005; root:xnu/xnu-517.12.7.obj~1/RELEASE_PPC  Power Macintosh powerpc
[PowerMac G4 (Gigabit Ethernet DP) running MacOS 10.3.9]

willy@ltg-pmac2 ~/nmap-4.00 $ gcc --version
gcc (GCC) 3.4.4 (Gentoo 3.4.4-r1, ssp-3.4.4-1.0, pie-8.7.8)
willy@ltg-pmac2 ~/nmap-4.00 $ uname -a
Linux ltg-pmac2.dmc.dc.umich.edu 2.4.26-ppc #6 Mon Jun 7 08:59:48 EDT 2004 ppc 740/750 PowerMac1,1 GNU/Linux
[PowerMac G3 (B&W) running Gentoo Linux]

hap% gcc --version
3.0.3
hap% uname -a
SunOS hap.lsa.umich.edu 5.8 Generic_117000-03 sun4u sparc SUNW,Sun-Fire-280R
[SunFire 280R running Solaris 2.8]

esmiller@angevin ~ $ gcc --version
gcc (GCC) 3.3.6 (Gentoo 3.3.6, ssp-3.3.6-1.0, pie-8.7.8)
esmiller@angevin ~ $ uname -a
Linux angevin 2.6.12-gentoo-r9 #1 SMP Mon Aug 22 07:24:08 EDT 2005 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux
[Dell Precision 420 running Gentoo Linux]
[works correctly on this box -- included for completeness.]


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

Attachment: nmap_dns_endian_fix.txt



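The two defects Andy describes, reconstructed in C as an added illustration (this is not his attached patch and not nmap's own code): the old construction reads the in_addr bytes as a host integer without ntohl and writes the octets high byte first, so the two mistakes cancel on x86 and surface on PPC/SPARC, while the fixed construction converts with ntohl and writes the octets low byte first. The endianness flag, the function names and the static buffers are this example's own; the address is the one from the bug report.

```c
#include <arpa/inet.h>   /* ntohl */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The address from the bug report, as the bytes sit in memory inside a
 * struct in_addr: network byte order, identical on PPC, SPARC and x86. */
static const uint8_t kSampleAddr[4] = {141, 213, 30, 72};

/* Model of the old, doubly-broken code: read the four bytes as a host
 * integer WITHOUT ntohl (so the value depends on the CPU's endianness,
 * simulated here by the flag), then emit the octets high byte first. */
const char *ptr_name_old(const uint8_t b[4], int big_endian) {
    static char name[sizeof "255.255.255.255.in-addr.arpa"];
    uint32_t raw = big_endian
        ? ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3]
        : ((uint32_t)b[3] << 24) | ((uint32_t)b[2] << 16) | ((uint32_t)b[1] << 8) | b[0];
    snprintf(name, sizeof name, "%u.%u.%u.%u.in-addr.arpa",
             (unsigned)(raw >> 24) & 0xffu, (unsigned)(raw >> 16) & 0xffu,
             (unsigned)(raw >> 8) & 0xffu, (unsigned)raw & 0xffu);
    return name;
}

/* Fixed construction: ntohl first, so the first octet lands in the high byte
 * on any CPU, then emit the octets low byte first, which is the reversed
 * order a PTR query under in-addr.arpa requires. */
const char *ptr_name_fixed(const uint8_t b[4]) {
    static char name[sizeof "255.255.255.255.in-addr.arpa"];
    uint32_t addr_net;
    memcpy(&addr_net, b, sizeof addr_net);   /* exactly what s_addr holds */
    uint32_t a = ntohl(addr_net);
    snprintf(name, sizeof name, "%u.%u.%u.%u.in-addr.arpa",
             (unsigned)a & 0xffu, (unsigned)(a >> 8) & 0xffu,
             (unsigned)(a >> 16) & 0xffu, (unsigned)(a >> 24) & 0xffu);
    return name;
}

int main(void) {
    /* The little-endian run of the old code matches the fixed output only by accident. */
    printf("old code, little-endian host: %s\n", ptr_name_old(kSampleAddr, 0));
    printf("old code, big-endian host:    %s\n", ptr_name_old(kSampleAddr, 1));
    printf("fixed code, any host:         %s\n", ptr_name_fixed(kSampleAddr));
    return 0;
}
```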
