Nmap Development mailing list archives

bugfix : wrong IPIDs generation algorithm


From: Guillaume PRIGENT <guillaume.prigent () diateam net>
Date: Thu, 26 Mar 2009 12:58:09 +0100

Hi,

While working on a tool called IpMorph (its purpose is to fool all
active and passive OSFP tools), I noticed Nmap didn't always properly
analyse the IPID generation algorithm. Notably, in the array of IPIDs
Nmap gathers, the second one was sometimes replaced by the last one,
resulting in a difference way over 1 between the first two IPIDs, thus
resulting in Nmap concluding the IPIDs were generated in an unknown
manner instead of incrementally.

I noticed in osscan2.cc what looks like a copy-paste error, so I fixed
that, and now all works fine. You will find the patch attached.

Sincerely,
Guillaume PRIGENT

-- 
Guillaume PRIGENT - http://minos.diateam.net
Technical Department - DIATEAM: Information Architects
Phone : +33 (0)298 050 050 Fax : +33 (0)2 98 050 051
GSM   : +33 (0)685 172 042

--

"By favouring security over liberty, we risk losing both"
    B. Franklin
Index: osscan2.cc
===================================================================
--- osscan2.cc  (révision 12685)
+++ osscan2.cc  (copie de travail)
@@ -1826,7 +1826,7 @@ void HostOsScan::makeTSeqFP(HostOsScanStats *hss)
     
     if (hss->ipid.tcp_closed_ipids[i] != -1) {
       if (good_tcp_closed_ipid_num < i) {
-        hss->ipid.tcp_ipids[good_tcp_closed_ipid_num] = hss->ipid.tcp_closed_ipids[i];
+        hss->ipid.tcp_closed_ipids[good_tcp_closed_ipid_num] = hss->ipid.tcp_closed_ipids[i];
       }
       good_tcp_closed_ipid_num++;
     }
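Review bot: the `-` line writes the surviving closed-port IPID into hss->ipid.tcp_ipids while the loop iterates and counts hss->ipid.tcp_closed_ipids, so the closed-port array was never compacted (a -1 "no reply" slot stayed in place inside the first good_tcp_closed_ipid_num entries) and the open-port array was overwritten with closed-port values; the `+` line restores the intended in-place shift into tcp_closed_ipids[good_tcp_closed_ipid_num]. Since the report attributes this to a copy-paste error, it is worth checking that the sibling compaction loop over tcp_ipids does not carry the mirror-image mistake. Note also that entries past good_tcp_closed_ipid_num keep their old values after the shift, so every consumer must honour the count rather than scanning the whole array.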

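The following Python model is an added example, not Nmap's code: it reproduces the compaction loop from the hunk in its pre-patch and patched forms and feeds the result to a simplified incremental-versus-unknown decision, so the effect described in the report (a stray "no reply" marker producing a huge step and an "unknown" verdict) can be seen on constructed input. The function names, the sample IPID arrays and the MAX_INCR_STEP threshold of 1 are assumptions taken from the report's wording, not from Nmap's real decision tree, which has more classes.

```python
# Added example (Python model, not Nmap's own code): it reproduces the array
# compaction in HostOsScan::makeTSeqFP before and after the patch and feeds
# the result to a simplified incremental/unknown decision.
from typing import List, Tuple

NO_RESPONSE = -1      # Nmap stores -1 for a probe that got no reply
MAX_INCR_STEP = 1     # assumption: a step of at most 1 counts as "incremental", per the report


def compact_closed_ipids(tcp_ipids: List[int], tcp_closed_ipids: List[int],
                         patched: bool) -> Tuple[List[int], List[int], int]:
    """Drop NO_RESPONSE entries from the closed-port IPID array.

    Mirrors the loop in the hunk: each survivor is shifted down to index
    good_tcp_closed_ipid_num.  With patched=False the survivor is written into
    tcp_ipids (the open-port array) instead, which is the bug being fixed.
    Returns copies of both arrays plus the number of usable closed-port IPIDs.
    """
    open_ids = list(tcp_ipids)
    closed_ids = list(tcp_closed_ipids)
    good = 0
    for i, ipid in enumerate(closed_ids):
        if ipid == NO_RESPONSE:
            continue
        if good < i:
            if patched:
                closed_ids[good] = closed_ids[i]
            else:
                open_ids[good] = closed_ids[i]   # wrong array: the original bug
        good += 1
    return open_ids, closed_ids, good


def ipid_step(a: int, b: int) -> int:
    """Difference between consecutive 16-bit IP IDs, allowing for wraparound."""
    return (b - a) & 0xFFFF


def classify(ipids: List[int], count: int) -> str:
    """Simplified classification of the first `count` entries.

    Assumption: 'incremental' when every consecutive step is <= MAX_INCR_STEP,
    'zero' when all are zero, otherwise 'unknown'.  A leaked NO_RESPONSE
    marker also yields 'unknown', which is the symptom the report describes.
    """
    seq = ipids[:count]
    if count < 2:
        return "insufficient"
    if any(v < 0 for v in seq):
        return "unknown"          # a NO_RESPONSE marker leaked into the sample
    if all(v == 0 for v in seq):
        return "zero"
    if all(ipid_step(a, b) <= MAX_INCR_STEP for a, b in zip(seq, seq[1:])):
        return "incremental"
    return "unknown"


# Constructed sample: six probes each; the second closed-port probe got no reply.
OPEN_IPIDS = [500, 501, 502, 503, 504, 505]
CLOSED_IPIDS = [100, NO_RESPONSE, 101, 102, 103, 104]


def run(patched: bool) -> Tuple[str, List[int], List[int]]:
    """Compact the constructed sample and return (verdict, open array, closed array)."""
    open_ids, closed_ids, good = compact_closed_ipids(OPEN_IPIDS, CLOSED_IPIDS, patched)
    return classify(closed_ids, good), open_ids, closed_ids


if __name__ == "__main__":
    for patched in (False, True):
        verdict, open_ids, closed_ids = run(patched)
        print(f"patched={patched}: closed={closed_ids[:5]} -> {verdict}; open={open_ids}")
```

Running it shows the unpatched loop leaving the -1 inside the first five closed-port entries (verdict "unknown") while silently overwriting four open-port IPIDs with closed-port values; the patched loop yields 100..104 and the "incremental" verdict, with the open-port array untouched.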
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
