Nmap Development mailing list archives
Re: Gen1 OS Detection bugs?
From: "Kris Katterjohn" <katterjohn () gmail com>
Date: Sat, 19 May 2007 20:03:15 -0500
On 5/19/07, Fyodor <fyodor () insecure org> wrote:
> On Thu, May 17, 2007 at 12:46:05PM -0500, Kris Katterjohn wrote:
> > I made a patch to fix Sebastian's problem when using OS Detection (gen1) and port 0. He said the patch works for him, and I tested the SVN version of Nmap, got the problem, and the patch fixes it for me, too. So that seems to work.
>
> Hi Kris! This looks good and I've applied it. Thanks.
Coolness
> > Apparently, Nmap actually sends a UDP packet to a closed *TCP* port instead of UDP. It uses the same closed port number it grabs for TCP and uses it for UDP. Is it for some reason the intended behavior? Or has it been like this so long that the wrong results would be given if this is fixed?
>
> Yes, I agree that is dumb. We did fix that in the 2nd generation system. I've been pretty much leaving the 1st gen system alone. I would like to get rid of it as soon as the gen2 system is as big as gen1. We're still a ways from that, however:
>
> flog~/nmap>egrep '^Fingerprint' nmap-os-fingerprints | wc
>     1684   10494   78796
> flog~/nmap>egrep '^Fingerprint' nmap-os-db | wc
>      414    2477   18890
>
> I guess I need to get working on integrating all those fingerprint submissions people have been sending in!
>
> > The second is a rough patch to possibly fix the possible problem
>
> Your wording doesn't inspire a whole lot of confidence :). But if you test the patch such that you are confident it works, please do apply it to /nmap.
Well there's a (pretty) good reason :) I wasn't sure if it was, for whatever reason, desired (or noticed before and not patched because the DB is based on how it's been done), or if you would be concerned enough because it was just in Gen1, so I didn't thoroughly test it. It worked for me when I did test it, though. I really sent it to show it was a seemingly simple fix and to hopefully have others test it as well (or use this patch as a base if they had something better). Sort of a PoC because I'm not very familiar with the OS Detection code :) I'll try to get it tested and committed tomorrow (I've been feeling like crap since I woke up this morning).

> Cheers,
> -F
Thanks,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
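The closed-port mix-up discussed in the thread (a UDP probe aimed at the port that was found closed for TCP) is easy to see with a small model of the port-selection step. The following is an added example written for this archive page; it is not Nmap's code and does not reproduce Kris's patch. The port table, the function names and the "lowest closed port" rule are all constructed assumptions for illustration: the point is only that TCP and UDP port states are independent, so a port closed for TCP may be open for UDP and then will not answer a UDP probe with the ICMP port-unreachable the fingerprinting step is waiting for.

```python
"""Illustrative model (not Nmap's code) of the closed-port selection bug
discussed in the thread: a UDP probe that needs a *closed UDP* port to
elicit an ICMP port-unreachable reply must not reuse the port that was
found closed for TCP, because TCP and UDP port states are independent.

The port table below is constructed sample data, not a real scan.
"""

from typing import Dict, Optional, Tuple

# Constructed sample scan results: (protocol, port) -> state.
# Port 53 is closed for TCP but open for UDP (think of a DNS resolver
# that only listens on UDP), which is exactly the case where reusing the
# TCP closed port for the UDP probe goes wrong.
SAMPLE_PORT_STATES: Dict[Tuple[str, int], str] = {
    ("tcp", 22): "open",
    ("tcp", 53): "closed",
    ("tcp", 80): "open",
    ("udp", 53): "open",
    ("udp", 123): "open|filtered",
    ("udp", 161): "closed",
}


def closed_port(states: Dict[Tuple[str, int], str], proto: str) -> Optional[int]:
    """Return the lowest port reported 'closed' for the given protocol, or None.

    The 'lowest port' rule is an assumption of this model, not Nmap's."""
    closed = sorted(port for (p, port), state in states.items()
                    if p == proto and state == "closed")
    return closed[0] if closed else None


def pick_udp_probe_port_gen1_style(states: Dict[Tuple[str, int], str]) -> Optional[int]:
    """Behaviour described in the thread: grab the closed TCP port and reuse it for UDP."""
    return closed_port(states, "tcp")


def pick_udp_probe_port_fixed(states: Dict[Tuple[str, int], str]) -> Optional[int]:
    """Use a port actually observed closed for UDP; None if the scan found no such port."""
    return closed_port(states, "udp")


def expect_port_unreachable(states: Dict[Tuple[str, int], str], port: int) -> bool:
    """Would a UDP probe to this port plausibly get an ICMP port-unreachable back?

    Only a port the UDP scan itself reported closed is known to answer that way."""
    return states.get(("udp", port)) == "closed"


if __name__ == "__main__":
    for label, pick in (("gen1-style", pick_udp_probe_port_gen1_style),
                        ("fixed", pick_udp_probe_port_fixed)):
        port = pick(SAMPLE_PORT_STATES)
        ok = port is not None and expect_port_unreachable(SAMPLE_PORT_STATES, port)
        print(f"{label:10s} UDP probe port: {port}  "
              f"expect ICMP port-unreachable: {ok}")
```

With the constructed table the gen1-style pick lands on port 53, which is open for UDP and so yields no port-unreachable reply, while the fixed pick uses port 161, the only port the UDP results actually mark closed. When a scan found no closed UDP port at all, the fixed version returns None rather than guessing, which is the case a caller has to handle explicitly.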
Current thread:
- Gen1 OS Detection bugs? Kris Katterjohn (May 17)
- Re: Gen1 OS Detection bugs? Fyodor (May 19)
- Re: Gen1 OS Detection bugs? Kris Katterjohn (May 19)
- Re: Gen1 OS Detection bugs? Fyodor (May 19)