Nmap Development mailing list archives
[PATCH] Don't Idle scan your idle proxy
From: "Kurt Grutzmacher" <grutz () jingojango net>
Date: Mon, 5 Jun 2006 12:32:59 -0700
While working with an idlescan we recognized that trying to scan the idle proxy with an idle scan would do bad things. Sometimes it would kill the scan, other times it just gave us some really funky information. Since you don't want to ever scan the idle proxy I wrote a quick patch to ignore it. Since I couldn't figure out a way to pull out the proxy's IP address from the proxy structure within idle_scan() I pulled some string fun. If someone can clean it up then please do it. This is one of those "works in our testing" scenarios. (in case the patch file gets dropped...)
--- idle_scan.cc 2006-03-25 15:56:16.000000000 -0800 +++ ../idle_scan.cc 2006-06-05 12:12:08.000000000 -0700 @@ -960,6 +960,7 @@ char *proxyName) { static char lastproxy[MAXHOSTNAMELEN + 1] = ""; /* The proxy used in any previous call */ + static char proxyip[MAXHOSTNAMELEN + 1]; static struct idle_proxy_info proxy; int groupsz; int portidx = 0; /* Used for splitting the port array into chunks */ @@ -981,6 +982,14 @@ return; } + Strncpy(proxyip, proxyName, MAXHOSTNAMELEN); + if(strtok(proxyip, ":")) { + if (!strncmp(target->NameIP(), proxyip, MAXHOSTNAMELEN) ) { + log_write(LOG_STDOUT, "Skipping Idle Scan against %s -- can't idle scan the idle proxy.\n",target->NameIP()); + return; + } + } + target->startTimeOutClock(NULL); /* If this is the first call, */
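Review bot: proxyip in the first hunk (@@ -960) does not need static storage. The second hunk overwrites it with Strncpy from proxyName on every call before reading it, so nothing is carried over between calls. A plain local buffer would state that more clearly; if the intent is to parse the proxy string only once, fill it where lastproxy is updated for a new proxy instead of once per target.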
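Review bot: the strncmp in the second hunk (@@ -981) compares target->NameIP() with the text before the first ':' in proxyName, so the skip only fires when the proxy was typed in exactly the form NameIP() returns for the target. A proxy given by hostname and a target given by address (or the reverse) would not match, and the proxy would still be idle scanned. Comparing the resolved addresses after the proxy structure has been filled in would close that gap. Separately, the strtok result is only tested, not used: strtok skips leading delimiters, so for a proxyName that starts with ':' the returned token does not begin at proxyip while the comparison still reads proxyip. Compare against the returned pointer instead.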