Nmap Development mailing list archives

Re: ACK is being sent with a sequence of 0 every time.


From: David Fifield <david () bamsoftware com>
Date: Mon, 25 Jun 2012 12:11:03 -0700

On Mon, Jun 25, 2012 at 02:40:59PM -0400, James Rogers wrote:
Still recommending we fix the acks always sending with a 0 sequence
number bug with a patch like this:

jrogers@jrogers-1015PX:~/nmap/source/original/nmap$ svn diff *.cc
Index: scan_engine.cc
===================================================================
--- scan_engine.cc    (revision 29046)
+++ scan_engine.cc    (working copy)
@@ -3369,9 +3369,10 @@
        comes back (possibly incremented) in the ACK field of responses. But if
        our probe has the ACK flag set, the response reflects our own ACK number
        instead. */
-    if (pspec->pd.tcp.flags & TH_ACK)
+    if (pspec->pd.tcp.flags & TH_ACK) {
       ack = seq32_encode(USI, tryno, pingseq);
-    else
+      seq = get_random_u32();
+    } else
       seq = seq32_encode(USI, tryno, pingseq);

     if (pspec->pd.tcp.flags & TH_SYN) {
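Review bot: the braces in this hunk are asymmetric: the `if` branch is now `if (pspec->pd.tcp.flags & TH_ACK) { ... } else` while the `else` branch keeps its single unbraced statement `seq = seq32_encode(USI, tryno, pingseq);`; brace both branches so a later addition to the `else` side does not silently fall outside it. The comment above the change still only explains that the encoded value goes into the ACK field when TH_ACK is set; add a sentence noting that `seq` is then filled with `get_random_u32()` and carries no encoded information, so nobody later tries to decode it from a reply.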

This way when we send an ack we also fill in the seq with something
other than 0.

That's fine with me. Offhand I don't know of any reason not to use
random seqs here. (I guess I don't know any reason not to use all-zero
seqs either.)

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/