Nmap Development mailing list archives
Major bug in gen1 tcp sequence prediction
From: Richard van den Berg <richard.vandenberg () ins com>
Date: Tue, 13 Mar 2007 17:56:42 +0100
I was just troubleshooting the fact that the gen1 OS scan code from nmap 4.20 (and 4.21alpha1) always reports the TCP ISN sequence prediction as a trivial joke. The solution is a lot easier than I had thought. From osscan.cc:

    if (si->seqs[seq_response_num] == 0) {
      /* New response found! */
      si->responses++;
      // si->seqs[seq_response_num] = ntohl(tcp->th_seq); /* TCP ISN */
      si->seqs[seq_response_num] = fake_seqs[seq_response_num]; /* TCP ISN */

Unfortunately the gen1 code is used a lot since it serves as a fallback when the gen2 code does not find a match. Can someone please deactivate the fake_seqs[] table for the next nmap release?

Sincerely,

--
Richard van den Berg | Senior Consultant | BT INS | Mob: +31 (0)652071109 | E: richard.vandenberg () bt com | http://bt.ins.com/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
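To show why a fixed table stored in place of the real ISNs makes every host look like a "trivial joke", here is an added example (not nmap's code and not the exact gen1 math) that scores a list of observed ISNs the way an ISN-predictability check does: wrap the increments to 32 bits, divide out their gcd, and take the spread of what is left. The FAKE_SEQS table and the REAL_SEQS sample are constructed for the example; the mail does not show the real contents of fake_seqs[], and the class bands in describe() are illustrative.

```python
import math
from functools import reduce

def isn_diffs(seqs):
    """Increments between consecutive ISNs, wrapped to 32 bits like a TCP sequence number."""
    return [(b - a) & 0xFFFFFFFF for a, b in zip(seqs, seqs[1:])]

def seq_index(seqs):
    """Predictability index of a list of observed ISNs (simplified; not nmap's exact formula).

    0  -> every probe got the same ISN (constant)
    1  -> ISNs grow by a fixed step (purely linear, e.g. a static table)
    n  -> 8 * log2(standard deviation of the gcd-reduced increments)
    """
    if len(seqs) < 2:
        raise ValueError("need at least two ISN samples")
    diffs = isn_diffs(seqs)
    step = reduce(math.gcd, diffs)          # common increment; 0 when all ISNs are equal
    if step == 0:
        return 0
    reduced = [d // step for d in diffs]    # increments in units of the common step
    mean = sum(reduced) / len(reduced)
    sd = math.sqrt(sum((d - mean) ** 2 for d in reduced) / len(reduced))
    if sd < 1.0:
        return 1                            # no variation beyond the fixed step
    return int(round(8 * math.log2(sd)))

def describe(index):
    """Human-readable difficulty class; bands are illustrative, chosen for this example."""
    if index < 3:
        return "Trivial joke"
    if index < 6:
        return "Easy"
    if index < 11:
        return "Medium"
    if index < 16:
        return "Worthy challenge"
    return "Good luck!"

# Constructed stand-in for a static fake_seqs[] table: a fixed step between entries,
# so a scan that copies it instead of ntohl(tcp->th_seq) sees the same "ISNs" for every target.
FAKE_SEQS = [0x1000, 0x2000, 0x3000, 0x4000, 0x5000, 0x6000]

# Constructed sample of what six real responses from a host with random ISNs might carry.
REAL_SEQS = [0x9A3F1C2E, 0x14B7D8A1, 0xE0C55F93, 0x5D2A9B07, 0xB8F6E42D, 0x3C71A6F8]

if __name__ == "__main__":
    for name, seqs in (("fake_seqs table", FAKE_SEQS), ("real responses", REAL_SEQS)):
        idx = seq_index(seqs)
        print(f"{name}: index={idx} -> {describe(idx)}")
```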