Nmap Development mailing list archives
Re: Bug regarding IPv6 scanning
From: David Fifield <david () bamsoftware com>
Date: Mon, 17 Nov 2008 11:05:39 -0700
On Wed, Oct 22, 2008 at 09:39:16PM +0200, Andreas Lang wrote:
> After working around, I think I found a bug within port scanning in an IPv6 network. The bug is still in version nmap 4.76 and can be described as follows: By using the parameters -6 and -A to scan the IPv6 localhost ::1 as a non-root user, the result is, as expected, the list of all open ports and the services behind them. If the same parameters are used as the root user (tested on a Linux machine with a 2.6.24 kernel), then a message is posted that the parameters are not supported for IPv6 scanning, and that IPv6 is only available for connect() scan ... etc. I think that if the scanning technique with the selected parameters works well for non-root users, then the same parameter set must work for the root user.
The reason for that is that -A has a different meaning for root and non-root users. For non-root it means -sC -sV. For root it means -sC -sV -O --traceroute. Maybe it's a good idea to have it drop to -sC -sV for IPv6 scanning too. A patch like this would do it:

=================================================================== --- nmap.cc (revision 11109) +++ nmap.cc (working copy) @@ -957,7 +957,7 @@ #ifndef NOLUA o.script = 1; #endif - if (o.isr00t) { + if (o.isr00t && o.af() == AF_INET) { o.osscan = OS_SCAN_DEFAULT; o.traceroute = true; }

But that has the unfortunate effect that "nmap -6 -A" will be different than "nmap -A -6". We already require -6 to come at the beginning of the command line most of the time anyway. My inclination is to leave things like they are and not add more special logic to -A.

David Fifield
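
Review bot: the "o.af() == AF_INET" test added to the "if (o.isr00t ...)" condition is evaluated at the point where -A is handled, so its result depends on whether -6 has already been seen; that is the "nmap -6 -A" versus "nmap -A -6" difference the message describes. Consider only recording here that -A was requested, and setting o.osscan and o.traceroute once all options have been parsed and the address family is final. A one-line comment saying that OS detection and traceroute are skipped for IPv6 would also explain the extra condition to later readers.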