Nmap Development mailing list archives

Re: Gen1 OS Detection bugs?


From: "Kris Katterjohn" <katterjohn () gmail com>
Date: Sat, 19 May 2007 20:03:15 -0500

On 5/19/07, Fyodor <fyodor () insecure org> wrote:

On Thu, May 17, 2007 at 12:46:05PM -0500, Kris Katterjohn wrote:

I made a patch to fix Sebastian's problem when using OS Detection (gen1)
and port 0.  He said the patch works for him, and I tested the SVN version
of Nmap, got the problem, and the patch fixes it for me, too.  So that
seems to work.

Hi Kris!  This looks good and I've applied it.  Thanks.


Coolness


Apparently, Nmap actually sends a UDP packet to a closed *TCP* port
instead of UDP.  It uses the same closed port number it grabs for TCP
and uses it for UDP.  Is it for some reason the intended behavior?  Or
has it been like this so long that the wrong results would be given if
this is fixed?

Yes, I agree that is dumb.  We did fix that in the 2nd generation
system.  I've been pretty much leaving the 1st gen system alone.  I
would like to get rid of it as soon as the gen2 system is as big as
gen1.  We're still a ways from that, however:

flog~/nmap>egrep '^Fingerprint' nmap-os-fingerprints | wc
   1684   10494   78796
flog~/nmap>egrep '^Fingerprint' nmap-os-db | wc
    414    2477   18890

I guess I need to get working on integrating all those fingerprint
submissions people have been sending in!

The second is a rough patch to possibly fix the possible problem

Your wording doesn't inspire a whole lot of confidence :).  But if you
test the patch such that you are confident it works, please do apply
it to /nmap.



Well there's a (pretty) good reason :)

I wasn't sure if it was, for whatever reason, desired (or noticed before and
not patched because the DB is based on how it's been done), or if you would
be concerned enough because it was just in Gen1, so I didn't thoroughly test
it. It worked for me when I did test it, though. I really sent it to show it
was a seemingly simple fix and to hopefully have others test it as well (or
use this patch as a base if they had something better).  Sort of a PoC
because I'm not very familiar with the OS Detection code :)

I'll try to get it tested and committed tomorrow (I've been feeling like
crap since I woke up this morning).


Cheers,
-F



Thanks,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
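The gen1 behaviour Kris describes above (a UDP probe sent to the same port number that was just found closed for TCP) also gives a defender something to look for. The following is an added example, not code from Nmap or from anyone in this thread: it walks a list of constructed flow records, remembers which (scanner, target, port) triples produced a TCP RST, and flags a later UDP datagram from the same scanner to the same target port within a time window. The record layout, the sample addresses and the 60-second window are all assumptions made for this example.

```python
"""Added example: correlate a TCP RST reply with a later UDP datagram to the
same host and port number, the gen1 probe pattern described in the thread.
Not Nmap code; the record format and sample data are constructed here."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One observed packet or flow record (hypothetical layout)."""
    ts: float      # seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: str     # "tcp" or "udp"
    flags: str     # TCP flag letters as seen by the sensor, "" for UDP


# Constructed sample traffic: 10.0.0.5 is the scanner, 10.0.0.9 the target.
SAMPLE = [
    # TCP to 22 answered with SYN/ACK: an open port, nothing to correlate.
    Event(1.0, "10.0.0.5", 40001, "10.0.0.9", 22, "tcp", "S"),
    Event(1.1, "10.0.0.9", 22, "10.0.0.5", 40001, "tcp", "SA"),
    # TCP to 31337 answered with RST/ACK: the target reports it closed.
    Event(2.0, "10.0.0.5", 40002, "10.0.0.9", 31337, "tcp", "S"),
    Event(2.1, "10.0.0.9", 31337, "10.0.0.5", 40002, "tcp", "RA"),
    # Shortly afterwards a UDP datagram goes to the very same port number.
    Event(3.0, "10.0.0.5", 40003, "10.0.0.9", 31337, "udp", ""),
    # Unrelated UDP from another host to DNS: must not be flagged.
    Event(3.5, "10.0.0.7", 50000, "10.0.0.9", 53, "udp", ""),
]


def find_gen1_pattern(events, window=60.0):
    """Return (scanner, target, port) triples where a UDP datagram followed a
    TCP RST for the same port within `window` seconds."""
    closed = {}   # (scanner, target, port) -> time the RST was seen
    hits = []
    for e in sorted(events, key=lambda x: x.ts):
        if e.proto == "tcp" and "R" in e.flags:
            # RST travels target -> scanner, so swap src/dst for the key
            closed[(e.dst, e.src, e.sport)] = e.ts
        elif e.proto == "udp":
            seen = closed.get((e.src, e.dst, e.dport))
            if seen is not None and 0 <= e.ts - seen <= window:
                hits.append((e.src, e.dst, e.dport))
    return hits


if __name__ == "__main__":
    for scanner, target, port in find_gen1_pattern(SAMPLE):
        print(f"{scanner} sent UDP to {target}:{port} after a TCP RST on that port")
```

The heuristic is deliberately narrow: it only fires when the UDP port number equals a port the same target just reported closed for TCP, which is exactly the coincidence the thread calls out, and it says nothing about scanners that choose the UDP port independently.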