Nmap Development mailing list archives
Re: DNS bug in nmap-4.00 on PPC and SPARC
From: "E. Seth Miller" <esmiller () umich edu>
Date: Thu, 2 Feb 2006 17:09:40 -0500 (EST)
Andy-
Well, the patch does stop it from printing the wrong domain name.
However, it also doesn't print the correct one (it only prints the IP).
This is only true on big-endian machines -- on little-endian, it works
correctly (from a user perspective, it is identical to an unpatched
version). If it would help, I can set up a PowerPC Mac for you to test
on, and a list of machines on the same subnet which you could portscan to
your heart's content.
-Seth
On Wed, 1 Feb 2006, Andrew Lutomirski wrote:
The old code looks doubly-broken -- it wrote the octets high-to-low (should have been low-to-high), but it also forgot to ntohl the IP address, so it was reversed again on little-endian machines and thus worked by accident. This patch compiles, but I haven't tested it at all (and I don't have a big-endian machine, so I couldn't do a good job of it anyway). --Andy On 1/31/06, E. Seth Miller <esmiller () umich edu> wrote:Greetings- I seem to have found a bug with nmap-4.00 when running on PowerPC and SPARC systems. The new DNS resolution looks up the reverse of the correct IP, eg. nmap 141.213.30.72 gives you the domain name belonging to 72.30.213.141. I've tested this on MacOS 10.4.4, MacOS 10.3.9, Solaris 2.8, and Gentoo Linux PPC (system details appear below) and found this result. I also tested it on Gentoo Linux x86 (2.4 and 2.6 kernels), where it works fine. I'm guessing it is a problem on all big-endian systems. (If you really want, I can dig up NetBSD/mac68k machine to test on as well. Yeah, I didn't think so.) I don't have a patch for this, and, realistically, I doubt I can come up with one -- I can't code to save my life. Hopefully this helps anyway, and hopefully this hasn't already been reported and I just missed it. Let me know if I can do anything else to assist. -Seth Miller Sample run (note that the correct DNS for this IP is beast.dmc.dc.umich.edu): [dc-at-3dmac:~] root# /usr/local/bin/nmap -sS 141.213.30.72 Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-01-31 18:57 EST Interesting ports on dc501007.inktomisearch.com (141.213.30.72): (The 1671 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 22/tcp open ssh MAC Address: 00:04:AC:CB:61:02 (IBM) Nmap finished: 1 IP address (1 host up) scanned in 0.964 seconds [dc-at-3dmac:~] root# Machine details: weird-al:willy willy$ gcc --version powerpc-apple-darwin8-gcc-4.0.0 (GCC) 4.0.0 (Apple Computer, Inc. build 5026) weird-al:willy willy$ uname -a Darwin weird-al.local 8.3.0 Darwin Kernel Version 8.3.0: Mon Oct 3 20:04:04 PDT 2005; root:xnu-792.6.22.obj~2/RELEASE_PPC Power Macintosh powerpc [12" PowerBook 1GHz running MacOS 10.4.4] [dc-at-3dmac:~] root# gcc --version powerpc-apple-darwin8-gcc-4.0.1 (GCC) 4.0.1 (Apple Computer, Inc. build 5250) [dc-at-3dmac:~] root# uname -a Darwin dc-at-3dmac.dmc.dc.umich.edu 8.4.0 Darwin Kernel Version 8.4.0: Tue Jan 3 18:22:10 PST 2006; root:xnu-792.6.56.obj~1/RELEASE_PPC Power Macintosh powerpc [PowerMac G4 (Quicksilver 2002 DP) running MacOS 10.4.4] [TiFighter:~] esmiller% gcc --version gcc (GCC) 3.3 20030304 (Apple Computer, Inc. build 1671) [TiFighter:~] esmiller% uname -a Darwin dhcp4.public.dc.umich.edu 7.9.0 Darwin Kernel Version 7.9.0: Wed Mar 30 20:11:17 PST 2005; root:xnu/xnu-517.12.7.obj~1/RELEASE_PPC Power Macintosh powerpc [15" Titanium PowerBook 1GHz running MacOS 10.3.9] [aerfs:~] esmiller% gcc --version gcc (GCC) 3.3 20030304 (Apple Computer, Inc. build 1671) [aerfs:~] esmiller% uname -a Darwin aerfs.dmc.dc.umich.edu 7.9.0 Darwin Kernel Version 7.9.0: Wed Mar 30 20:11:17 PST 2005; root:xnu/xnu-517.12.7.obj~1/RELEASE_PPC Power Macintosh powerpc [PowerMac G4 (Gigabit Ethernet DP) running MacOS 10.3.9] willy@ltg-pmac2 ~/nmap-4.00 $ gcc --version gcc (GCC) 3.4.4 (Gentoo 3.4.4-r1, ssp-3.4.4-1.0, pie-8.7.8) willy@ltg-pmac2 ~/nmap-4.00 $ uname -a Linux ltg-pmac2.dmc.dc.umich.edu 2.4.26-ppc #6 Mon Jun 7 08:59:48 EDT 2004 ppc 740/750 PowerMac1,1 GNU/Linux [PowerMac G3 (B&W) running Gentoo Linux] hap% gcc --version 3.0.3 hap% uname -a SunOS hap.lsa.umich.edu 5.8 Generic_117000-03 sun4u sparc SUNW,Sun-Fire-280R [SunFire 280R running Solaris 2.8] esmiller@angevin ~ $ gcc --version gcc (GCC) 3.3.6 (Gentoo 3.3.6, ssp-3.3.6-1.0, pie-8.7.8) esmiller@angevin ~ $ uname -a Linux angevin 2.6.12-gentoo-r9 #1 SMP Mon Aug 22 07:24:08 EDT 2005 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux [Dell Precision 420 running Gentoo Linux] [works correctly on this box -- included for completeness.] _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- DNS bug in nmap-4.00 on PPC and SPARC E. Seth Miller (Feb 01)
- Re: DNS bug in nmap-4.00 on PPC and SPARC Andrew Lutomirski (Feb 01)
- Re: DNS bug in nmap-4.00 on PPC and SPARC E. Seth Miller (Feb 02)
- Re: DNS bug in nmap-4.00 on PPC and SPARC Andy Lutomirski (Feb 02)
- Re: DNS bug in nmap-4.00 on PPC and SPARC E. Seth Miller (Feb 02)
- <Possible follow-ups>
- Re: DNS bug in nmap-4.00 on PPC and SPARC Tony Doan (Feb 01)
- Re: DNS bug in nmap-4.00 on PPC and SPARC Andrew Lutomirski (Feb 01)