Nmap Development mailing list archives

Re: ACK is being sent with a sequence of 0 every time.


From: James Rogers <jamesmrogers () gmail com>
Date: Mon, 25 Jun 2012 14:40:59 -0400

Still recommending we fix the "ACKs always sent with a 0 sequence number"
bug with a patch like this:

jrogers@jrogers-1015PX:~/nmap/source/original/nmap$ svn diff *.cc
Index: scan_engine.cc
===================================================================
--- scan_engine.cc      (revision 29046)
+++ scan_engine.cc      (working copy)
@@ -3369,9 +3369,10 @@
        comes back (possibly incremented) in the ACK field of responses. But if
        our probe has the ACK flag set, the response reflects our own ACK number
        instead. */
-    if (pspec->pd.tcp.flags & TH_ACK)
+    if (pspec->pd.tcp.flags & TH_ACK) {
       ack = seq32_encode(USI, tryno, pingseq);
-    else
+      seq = get_random_u32();
+    } else
       seq = seq32_encode(USI, tryno, pingseq);

     if (pspec->pd.tcp.flags & TH_SYN) {
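Review bot: the new if-branch is braced but the else-branch at `} else` still falls through to an unbraced `seq = seq32_encode(USI, tryno, pingseq);`; brace both branches so the two-statement ACK case and the one-statement else case read consistently, and so a later addition to the else path cannot silently land outside it. The comment directly above the hunk, which explains that the response reflects our own ACK number when TH_ACK is set, should also be extended to say that `seq` is now filled with `get_random_u32()` in that case so the probe no longer leaves with a constant sequence number of 0; as written it still reads as if only `ack` is set for ACK probes.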

This way when we send an ack we also fill in the seq with something
other than 0.

On Wed, Jun 13, 2012 at 4:33 PM, James Rogers <jamesmrogers () gmail com> wrote:
I see this sequence number issue as different from the spurious port
closed bug, that is why I broke it up in a different email.

On Wed, Jun 13, 2012 at 4:16 PM, David Fifield <david () bamsoftware com> wrote:
On Wed, Jun 13, 2012 at 03:58:28PM -0400, James Rogers wrote:
Thanks for the other comment location and the revision log number.  I
will read that.

I'll try get_random_u32() there to see what effect that has.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
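The bug discussed in this thread (ACK probes leaving with a sequence number of 0) is also a traffic pattern a defender can look for. The following is an added example, not nmap code and not from this thread: it parses a raw TCP header and flags ACK-flagged, non-SYN segments whose sequence number is 0, and runs it over two constructed headers, one showing the pre-patch behaviour and one with a nonzero sequence number. The sample bytes and the `is_zero_seq_ack` name are assumptions made for this example.

```c
/* Added example (not nmap code): flag TCP segments that carry the ACK flag
 * with a sequence number of 0, the probe pattern this thread describes.
 * Header field offsets follow RFC 793; constructed sample data only. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TH_SYN 0x02
#define TH_ACK 0x10

/* Returns 1 if the segment is ACK-flagged, not a SYN, and has seq == 0. */
int is_zero_seq_ack(const uint8_t *tcp, size_t len)
{
    if (len < 20)                 /* minimum TCP header length */
        return 0;
    uint32_t seq = ((uint32_t)tcp[4] << 24) | ((uint32_t)tcp[5] << 16)
                 | ((uint32_t)tcp[6] << 8)  |  (uint32_t)tcp[7];
    uint8_t flags = tcp[13];
    return (flags & TH_ACK) && !(flags & TH_SYN) && seq == 0;
}

/* Constructed sample headers (not captured traffic). */
static const uint8_t probe_old[20] = {
    0xc3, 0x50, 0x00, 0x50,       /* sport 50000, dport 80 */
    0x00, 0x00, 0x00, 0x00,       /* seq = 0 (pre-patch behaviour) */
    0x12, 0x34, 0x56, 0x78,       /* ack = arbitrary constructed value */
    0x50, 0x10, 0x04, 0x00,       /* data offset 5, flags = ACK, window 1024 */
    0x00, 0x00, 0x00, 0x00        /* checksum, urgent pointer */
};
static const uint8_t probe_new[20] = {
    0xc3, 0x50, 0x00, 0x50,
    0x9a, 0xbc, 0xde, 0xf0,       /* seq = nonzero (post-patch behaviour) */
    0x12, 0x34, 0x56, 0x78,
    0x50, 0x10, 0x04, 0x00,
    0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    printf("old probe flagged: %d\n", is_zero_seq_ack(probe_old, sizeof probe_old));
    printf("new probe flagged: %d\n", is_zero_seq_ack(probe_new, sizeof probe_new));
    return 0;
}
```

A legitimate segment can carry sequence number 0 only when the sender's sequence space happens to wrap to exactly 0, so this check is a low-noise indicator rather than proof of a scan.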

