Nmap Development mailing list archives

Re: NPing issue.


From: David Fifield <david () bamsoftware com>
Date: Sun, 25 Oct 2009 22:29:20 -0600

On Fri, Oct 23, 2009 at 07:18:20PM -0400, AFH Security wrote:
I'm fairly new to the list so I just figured I'd let everyone know that
"nping" may or may not have an issue. I noticed an issue when I tried to
compile NPing. I had an issue with "libnbase" and then someone suggested
in the #nmap irc channel on Freenode, that I should "make clean" before
"make", so that cleared everything and it finally compiled. I used
"checkinstall" to create a deb package.

Once it finally installed, I was eager to try out a few options.
One of which I thought would be pretty neat to see the responses on my
"test box", having a packet sniffer running on the box getting ready to
receive all the packets, I sent a packet created with nping to the
testbox. Sadly, no success.
Now, I'm not sure if it's my fault on whether or not I used the tool
correctly, but I know with Hping all I had to do was specify the source,
and destination... So that's what I did. Firstly I tried it with hping3:

sudo hping3 -SA -c 5 -d 187 -j -a spoofer.testnetwork.lan -p 139 -s 4444 victimbox.testnetwork.lan

Everything seemed to have worked just fine... Then I tried the same using
Nping and here are the following results:

sudo nping --tcp -p 139 -g 4444 --flags syn -S spoofedbox.testnetwork.lan victimbox.testnetwork.lan

I get: nping: common_modified.cc:973: bool route_dst(const  
sockaddr_storage*, route_nfo*, bool, char*, sockaddr_storage*):  
Assertion `device[0] != '\0'' failed.
Aborted

Thanks for the report. Nping shouldn't be giving an assertion failure in
this case, but a more helpful error message. It looks like when you're
using the -S option you also have to use the -e option unless the
spoofed address you give is one of your real addresses.

Nmap does the same thing with -S. You get a warning like this:

# nmap -S 192.168.0.21 target.com
WARNING:  If -S is being used to fake your source address, you may also
have to use -e <interface> and -PN .  If you are using it to specify
your real source address, you can ignore this warning.

If you use an address that is not one of your assigned addresses, you get

# nmap -S 192.168.0.22 google.com
Could not figure out what device to send the packet out on with the
source address you gave me!  If you are trying to sp00f your scan, this
is normal, just give the -e eth0 or -e ppp0 or whatever.  Otherwise you
can still use -e, but I find it kindof fishy.

That second message is, I think, what the assertion failure is trying to
express.

I suppose that Nping could use by default whichever interface is
connected to the default gateway, or it could check to see if the
spoofed address is within the netmask of a configured interface.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
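
The fallback David suggests in the message above, sketched as an added example (not Nping's or Nmap's code): pick the device by exact address, then by subnet, then by default route, and return an error that points at -e instead of hitting an assertion. The Iface struct, pick_device, sample_ifaces and the interface table are hypothetical names and constructed data.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical interface record; a real tool would fill this from the OS.
struct Iface { std::string name, addr, mask; bool has_default_route; };

// Parse a dotted-quad IPv4 string into a host-order integer.
static bool parse_ipv4(const std::string &s, uint32_t *out) {
    unsigned a, b, c, d; char extra;
    if (sscanf(s.c_str(), "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4) return false;
    if (a > 255 || b > 255 || c > 255 || d > 255) return false;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return true;
}

// Choose the device for a user-supplied source address: exact address match,
// then subnet match (longest mask wins), then the default-route interface.
// Returns "" and fills err rather than asserting when nothing fits.
std::string pick_device(const std::vector<Iface> &ifs, const std::string &src, std::string *err) {
    uint32_t ip, addr, mask, best_mask = 0;
    if (!parse_ipv4(src, &ip)) { *err = "invalid source address: " + src; return ""; }
    std::string best, dflt;
    for (const Iface &i : ifs) {
        if (!parse_ipv4(i.addr, &addr) || !parse_ipv4(i.mask, &mask)) continue;
        if (addr == ip) return i.name;
        if ((ip & mask) == (addr & mask) && (best.empty() || mask > best_mask)) {
            best = i.name; best_mask = mask;
        }
        if (i.has_default_route && dflt.empty()) dflt = i.name;
    }
    if (!best.empty()) return best;
    if (!dflt.empty()) return dflt;
    *err = "cannot choose a device for source " + src + "; specify one with -e <interface>";
    return "";
}

// Constructed interface table for the demonstration, not taken from the thread.
std::vector<Iface> sample_ifaces(bool with_default) {
    return { {"lo", "127.0.0.1", "255.0.0.0", false},
             {"eth0", "192.168.0.21", "255.255.255.0", with_default},
             {"eth1", "10.0.0.5", "255.0.0.0", false} };
}

int main() {
    std::string err, dev = pick_device(sample_ifaces(false), "172.16.0.9", &err);
    printf("%s\n", dev.empty() ? err.c_str() : dev.c_str());
}
```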

