Nmap Development mailing list archives

Re: Bad IP-checksums


From: Gisle Vanem <gvanem () broadpark no>
Date: Fri, 15 Aug 2008 15:11:02 +0200

"Gisle Vanem" <gvanem () broadpark no> wrote:

But the problem with bad IP-checksums is still there
in nmap 4.68. A bit worse than before actually.

After some digging, I found two places where 'ip->ip_sum'
wasn't cleared before calculating the sum. I believe the omission
in osscan2.cc was what was causing me trouble. A patch against today's
svn:

--- SVN-Latest\osscan2.cc       Sat Jul 26 15:27:17 2008
+++ osscan2.cc  Fri Aug 15 14:58:59 2008
@@ -3086,6 +3086,9 @@
    ip->ip_src.s_addr = source->s_addr;
    ip->ip_dst.s_addr= victim->s_addr;

+#if HAVE_IP_IP_SUM
+    ip->ip_sum = 0;
+#endif
    upi.ipck = in_cksum((unsigned short *)ip, sizeof(struct ip));
#if HAVE_IP_IP_SUM
    ip->ip_sum = upi.ipck;
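
Review bot: clearing ip_sum before the in_cksum() call is the right fix, since in_cksum() sums the whole header and a stale value in the checksum field is folded into the result; the new `#if HAVE_IP_IP_SUM` guard correctly mirrors the one already around `ip->ip_sum = upi.ipck;`. Add a one-line comment that the field must be zero on input to the checksum, otherwise the store reads like dead code next to the assignment three lines later. Two things to confirm before applying: when HAVE_IP_IP_SUM is not defined nothing on this path clears the checksum bytes, so that configuration relies on the header buffer being zeroed elsewhere; and the added `ip->ip_sum = 0;` is indented one column deeper than `ip->ip_src.s_addr = ...`, which may be mail-transit whitespace damage.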

--- SVN-Latest\tcpip.cc Fri Aug 15 13:52:55 2008
+++ tcpip.cc    Fri Aug 15 15:04:34 2008
@@ -1332,6 +1332,7 @@
    if ((fragment-1) * mtu + fdatalen < datalen)
      ip->ip_off |= htons(IP_MF);
#if HAVE_IP_IP_SUM
+    ip->ip_sum = 0;
    ip->ip_sum = in_cksum((unsigned short *)ip, headerlen);
#endif
    if (fragment > 1) // copy data payload
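
Review bot: `ip->ip_sum = 0;` immediately followed by `ip->ip_sum = in_cksum(...)` looks like a redundant store to anyone skimming, and a later cleanup could drop it; comment it with the reason, namely that in_cksum() covers the checksum field itself and needs it zeroed on input. The zeroing matters here in particular because this code runs once per fragment (the `fragment` index is visible in the surrounding condition) over the same header, so from the second fragment on ip_sum still holds the previous fragment's checksum. Also check the indentation: the added line sits one column deeper than the existing `ip->ip_sum = in_cksum(...)` line.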

--gv

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
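
The defect the two hunks fix, as an added stand-alone example that is not Nmap's code: a 20-byte IPv4 header whose checksum field still holds a stale value from a previous packet is checksummed with and without clearing ip_sum first, and then verified the way a receiver would. The header struct, the in_cksum() reimplementation (RFC 1071 one's-complement sum, assumed to behave like Nmap's) and the sample addresses and stale value are all constructed here.

```c
#include <stdint.h>
#include <string.h>
/* Minimal 20-byte IPv4 header (no options), so this needs no <netinet/ip.h>. */
struct ipv4_hdr {
    uint8_t  ver_ihl, tos;
    uint16_t tot_len, id, frag_off;
    uint8_t  ttl, proto;
    uint16_t ip_sum;          /* header checksum: the field the patch zeroes */
    uint32_t saddr, daddr;
};
/* Internet checksum (RFC 1071): one's-complement sum of 16-bit words, then
   complemented. Stand-alone reimplementation, assumed to match Nmap's. */
uint16_t in_cksum(const unsigned short *addr, int len) {
    const uint8_t *p = (const uint8_t *)addr;
    uint32_t sum = 0; uint16_t w = 0;
    for (; len > 1; len -= 2, p += 2) { memcpy(&w, p, 2); sum += w; }
    if (len == 1) { w = 0; memcpy(&w, p, 1); sum += w; }
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
/* Fill the checksum field. With zero_first == 0 the value already in ip_sum
   is folded into the sum, which is the defect the patch fixes. */
uint16_t header_checksum(struct ipv4_hdr *ip, int zero_first) {
    if (zero_first) ip->ip_sum = 0;
    ip->ip_sum = in_cksum((const unsigned short *)ip, sizeof *ip);
    return ip->ip_sum;
}
/* Receiver-side check: the sum over the header including ip_sum must be 0. */
int header_checksum_ok(const struct ipv4_hdr *ip) {
    return in_cksum((const unsigned short *)ip, sizeof *ip) == 0;
}
/* Constructed sample header; 'stale' is a checksum left in a reused buffer. */
void sample_header(struct ipv4_hdr *ip, uint16_t stale) {
    memset(ip, 0, sizeof *ip);
    ip->ver_ihl = 0x45; ip->tot_len = 40; ip->id = 0x1c46;
    ip->ttl = 64; ip->proto = 6;
    ip->saddr = 0xc0a80001u; ip->daddr = 0xc0a80002u; /* 192.168.0.1 -> .2 */
    ip->ip_sum = stale;
}
/* 1 if a receiver would accept the header: 0 when the stale field is kept,
   1 once ip_sum is zeroed first, as the patch does. */
int checksum_valid(int zero_first) {
    struct ipv4_hdr ip;
    sample_header(&ip, 0x1234);
    header_checksum(&ip, zero_first);
    return header_checksum_ok(&ip);
}
```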