Nmap Development mailing list archives
Re: Bad IP-checksums
From: Gisle Vanem <gvanem () broadpark no>
Date: Fri, 15 Aug 2008 15:11:02 +0200
"Gisle Vanem" <gvanem () broadpark no> wrote:
But the problem with bad IP-checksums is still there in nmap 4.68. A bit worse than before actually.
After some digging, I found two places where 'ip->ip_sum' wasn't cleared before calculating the sum. I believe the omission in osscan2.cc that was causing me trouble. A patch against today's svn: --- SVN-Latest\osscan2.cc Sat Jul 26 15:27:17 2008 +++ osscan2.cc Fri Aug 15 14:58:59 2008 @@ -3086,6 +3086,9 @@ ip->ip_src.s_addr = source->s_addr; ip->ip_dst.s_addr= victim->s_addr; +#if HAVE_IP_IP_SUM + ip->ip_sum = 0; +#endif upi.ipck = in_cksum((unsigned short *)ip, sizeof(struct ip)); #if HAVE_IP_IP_SUM ip->ip_sum = upi.ipck; --- SVN-Latest\tcpip.cc Fri Aug 15 13:52:55 2008 +++ tcpip.cc Fri Aug 15 15:04:34 2008 @@ -1332,6 +1332,7 @@ if ((fragment-1) * mtu + fdatalen < datalen) ip->ip_off |= htons(IP_MF); #if HAVE_IP_IP_SUM + ip->ip_sum = 0; ip->ip_sum = in_cksum((unsigned short *)ip, headerlen); #endif if (fragment > 1) // copy data payload --gv _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Bad IP-checksums Gisle Vanem (Jul 25)
- Re: Bad IP-checksums Brandon Enright (Jul 25)
- Re: Bad IP-checksums David Fifield (Jul 25)
- Re: Bad IP-checksums Brandon Enright (Jul 25)
- Re: Bad IP-checksums Gisle Vanem (Jul 26)
- Re: Bad IP-checksums Gisle Vanem (Jul 26)
- Re: Bad IP-checksums Gisle Vanem (Aug 15)
- Re: Bad IP-checksums Fyodor (Aug 15)
- Re: Bad IP-checksums Gisle Vanem (Aug 15)
- Re: Bad IP-checksums Michael Pattrick (Aug 15)
- Re: Bad IP-checksums Gisle Vanem (Aug 16)
- Re: Bad IP-checksums David Fifield (Aug 20)
- Re: Bad IP-checksums Michael Pattrick (Aug 20)
- Re: Bad IP-checksums Gisle Vanem (Aug 21)
- Re: Bad IP-checksums David Fifield (Aug 21)
- Re: Bad IP-checksums David Fifield (Jul 25)
- Re: Bad IP-checksums Brandon Enright (Jul 25)