Nmap Development mailing list archives

Re: NMAP crash -- more


From: David Fifield <david () bamsoftware com>
Date: Tue, 18 Sep 2012 14:37:44 -0700

On Mon, Sep 17, 2012 at 01:21:11PM -0700, Fyodor wrote:
> On Thu, Sep 13, 2012 at 01:29:07PM -0700, David Fifield wrote:
> >
> > I think this is unrelated to the problem of exceeding the socket limit.
> > OS detection seems to ignore -S the same way it ignores -g and other
> > options. See http://nmap.org/book/man-bypass-firewalls-ids.html.
> > Ignoring -S is probably a bug. But I think you will see the same during
> > OS detection against any host, not just this one that is exceeding the
> > socket limit.
>
> For what it is worth, -S seems to work with -O in my quick testing.
> For example, I did this on my Linux box with latest svn:
>
> ./nmap -S 127.0.0.2 -p8080,2000 -O localhost -e lo --packet-trace
>
> And all of the sent packets came from 127.0.0.2.

I see. Maybe the problem then is not in OS scan but in Nsock. starlight
needs different source addresses on different interfaces. In Nsock we
bind to a source address, but we don't use the SO_BINDTODEVICE sockopt
to force a particular interface.

Nsock seems to do the right thing when I try 127.0.0.2 as in your test,
but it might be only because 127.0.0.1 and 127.0.0.2 are both on the lo
interface, so SO_BINDTODEVICE is not needed.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
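
The distinction drawn in the message above, binding a socket to a source address versus also forcing the interface with SO_BINDTODEVICE, shown as an added Linux C example; it is not Nsock code and not part of the original post. `pin_source` and its result codes are hypothetical names, and the address and interface are the ones from the quoted test.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* exposes SO_BINDTODEVICE and IFNAMSIZ on glibc */
#endif
#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum { PIN_OK = 0, PIN_BAD_ADDR = -1, PIN_BAD_IFNAME = -2,
       PIN_DEVICE_FAILED = -3, PIN_BIND_FAILED = -4 };

/* Hypothetical helper: bind fd to src_ip and, when ifname is non-NULL,
 * also pin it to that interface. bind() alone only fixes the source
 * address; the routing table still chooses the egress interface. */
int pin_source(int fd, const char *src_ip, const char *ifname)
{
    struct sockaddr_in sa;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;              /* port 0: kernel picks one */
    if (inet_pton(AF_INET, src_ip, &sa.sin_addr) != 1)
        return PIN_BAD_ADDR;
    if (ifname != NULL) {
        size_t n = strlen(ifname);
        if (n == 0 || n >= IFNAMSIZ)
            return PIN_BAD_IFNAME;
        /* Linux-only option; may fail with EPERM without CAP_NET_RAW. */
        if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifname,
                       (socklen_t)(n + 1)) < 0)
            return PIN_DEVICE_FAILED;
    }
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        return PIN_BIND_FAILED;
    return PIN_OK;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { perror("socket"); return 1; }
    int rc = pin_source(fd, "127.0.0.2", "lo");  /* values from the thread */
    printf("pin_source returned %d\n", rc);
    close(fd);
    return rc == PIN_OK ? 0 : 1;
}
```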