Nmap Development mailing list archives

Idlescanning when a zombie increases IPID by 2 - patch


From: "Jirka Vejrazka" <jirka.vejrazka () gmail com>
Date: Mon, 16 Jul 2007 14:37:36 +0100

Hi all,

 no need to describe here how good and useful nmap is - thanks for it! :)

 Lately, my friends and I found a significant number of network
devices that increase IPID by 2 for every packet. In that case, nmap's
idlescanning (which we love to use) reports that all ports are open on
the target when using such a device as a zombie.

 I modified NMAP 4.20 (stable) to support these zombies correctly,
diff attached. Unfortunately, I'm not a C programmer (in fact, I'm not
a programmer at all) so this code is likely to have bugs as it was a
quick-n-dirty solution I've created quickly after seeing NMAP's code
for the first time. I can especially see problems around OS detection
when this modification is applied - I did not pay any attention to
this area. I only tested the idlescanning and it was working fine.

 Anyway, sharing the diff just in case somebody finds it useful and
can use it to produce a production-quality patch :)

 Thanks

   Jirka Vejrazka

Attachment: nmap_idlescan_by_2_diff_against_4.20.txt
Description:


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
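
Added example (not part of the original post, and not Nmap's code or the attached patch): the arithmetic behind the misreport described above. An idle scan reads the zombie's IP ID delta as "1 = only the probe reply was sent, 2 = one extra packet was sent", so a device that adds 2 per packet looks as if it always sent an extra packet. The function names and sample IP ID values are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Difference between two 16-bit IP ID values, tolerating wraparound. */
uint16_t ipid_delta(uint16_t before, uint16_t after) {
    return (uint16_t)(after - before);
}

/* Infer the per-packet increment from the IP IDs of consecutive replies
 * taken from an otherwise idle host. Returns the step, or 0 when the
 * samples are not a fixed-step sequence (constant, random, or the host
 * was sending other traffic while it was sampled). */
unsigned ipid_step(const uint16_t *ids, size_t n) {
    if (n < 3)
        return 0;
    unsigned step = ipid_delta(ids[0], ids[1]);
    if (step == 0)
        return 0;
    for (size_t i = 2; i < n; i++)
        if (ipid_delta(ids[i - 1], ids[i]) != step)
            return 0;
    return step;
}

/* Packets the host sent between two of our probes, not counting its
 * reply to the second probe. Returns -1 when the delta does not fit the
 * given step, which means the reading cannot be trusted. */
int packets_between(uint16_t before, uint16_t after, unsigned step) {
    if (step == 0)
        return -1;
    unsigned d = ipid_delta(before, after);
    if (d == 0 || d % step != 0)
        return -1;
    return (int)(d / step) - 1;
}

int main(void) {
    /* Constructed samples: an idle device adding 2 per packet, with wrap. */
    const uint16_t ids[] = {65532, 65534, 0, 2};
    unsigned step = ipid_step(ids, 4);
    printf("measured step: %u\n", step);
    /* The device sent nothing but its reply to our probe (delta 2). */
    printf("assuming step 1: %d extra packet(s)\n", packets_between(2, 4, 1));
    printf("using measured step: %d extra packet(s)\n",
           packets_between(2, 4, step));
    return 0;
}
```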
