Nmap Development mailing list archives

Re: Gen1 OS Detection bugs?


From: Fyodor <fyodor () insecure org>
Date: Sat, 19 May 2007 16:39:34 -0700

On Thu, May 17, 2007 at 12:46:05PM -0500, Kris Katterjohn wrote:

> I made a patch to fix Sebastian's problem when using OS Detection (gen1)
> and port 0.  He said the patch works for him, and I tested the SVN version
> of Nmap, got the problem, and the patch fixes it for me, too.  So that
> seems to work.

Hi Kris!  This looks good and I've applied it.  Thanks.


> Apparently, Nmap actually sends a UDP packet to a closed *TCP* port
> instead of UDP.  It uses the same closed port number it grabs for TCP
> and uses it for UDP.  Is it for some reason the intended behavior?  Or
> has it been like this so long that the wrong results would be given if
> this is fixed?

Yes, I agree that is dumb.  We did fix that in the 2nd generation
system.  I've been pretty much leaving the 1st gen system alone.  I
would like to get rid of it as soon as the gen2 system is as big as
gen1.  We're still a ways from that, however:

flog~/nmap>egrep '^Fingerprint' nmap-os-fingerprints | wc
   1684   10494   78796
flog~/nmap>egrep '^Fingerprint' nmap-os-db | wc
    414    2477   18890

I guess I need to get working on integrating all those fingerprint
submissions people have been sending in!

> The second is a rough patch to possibly fix the possible problem

Your wording doesn't inspire a whole lot of confidence :).  But if you
test the patch such that you are confident it works, please do apply
it to /nmap.

Cheers,
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

