Re: Addition to private address space in NMAP-7.xx

[Daniel Miller <bonsaiviking () gmail com>]

Bill,

Thanks for pointing this out. Currently, the only place we use this
function is in the printing of unidentified OS fingerprints (osscan.cc,
L713), so there's not a big rush to get this fixed immediately. That gives
us the chance to do it well. Your patch is a great start, but looking at
some parallel code in nselib/ipOps.lua, I see that there are other
addresses that could be checked for: RFCs 3330, 6890, 5737, 2544, 1112,
3171, etc. for IPv4. Also, IPv6 addresses are not currently handled at all.

If you can provide a patch that handles at least the IPv6 link-local
addresses as well, we could get that committed right away. If not, you
could help out by putting in a feature request at http://issues.nmap.org/new
. Also, double-check the numbers for the 169.254 block, as it looks like
you're checking for 192.254.

Dan

On Sat, Dec 12, 2015 at 3:00 PM, Bill Parker <wp02855 () gmail com> wrote:

> Subj: Add Link-Local Address Network Assignment Block (IPv4) to netutil.cc
> in NMAP-7.xx
>
> Hello All,
>
>    In reviewing source code for NMAP 7.xx, I found in sub-directory
> 'libnetutil', file 'netutil.cc', that the private Microsoft Network
> block 169.254.0.0/16 (which is assigned if MS DHCP fails for some
> reason) is not included in the private IPv4 network listing in function
> 'isipprivate'.
>
> In RFC 3927, the Internet Engineering Task Force has reserved the
> address block 169.254.1.0 through 169.254.254.255] for link-local
> addressing in Internet Protocol Version 4. Link-local addresses
> are assigned to interfaces by host-internal, i.e. stateless,
> address autoconfiguration when other means of address assignment
> are not available.
>
> The patch file(s) below addresses this issue:
>
> --- netutil.cc.orig 2015-12-12 11:37:32.975996104 -0800
> +++ netutil.cc 2015-12-12 11:46:38.785365668 -0800
> @@ -1789,6 +1789,9 @@
>
>  /* Determines whether the supplied address corresponds to a private,
>   * non-Internet-routable address. See RFC1918 for details.
> + *
> + * Also checks for link-local addressing per RFC3927.
> + *
>   * Returns 1 if the address is private or 0 otherwise. */
>  int isipprivate(const struct sockaddr_storage *addr) {
>    const struct sockaddr_in *sin;
> @@ -1810,7 +1813,11 @@
>      return 1;
>
>    /* 172.16.0.0/12 */
> -  if (i1 == 172 && i2 >= 16 && i2 <= 31)
> +  if (i1 == 172 && (i2 >= 16 && i2 <= 31))
> +    return 1;
> +
> +  /* 169.254.0.0/16 - RFC 3927 */
> +  if (i1 == 192 && i2 == 254)
>      return 1;
>
>    /* 192.168.0.0/16 */
>
> =======================================================================
>
> --- netutil.h.orig 2015-12-12 11:48:11.294123055 -0800
> +++ netutil.h 2015-12-12 11:48:52.351341217 -0800
> @@ -433,6 +433,7 @@
>
>  /* Determines whether the supplied address corresponds to a private,
>   * non-Internet-routable address. See RFC1918 for details.
> + * Also checks for link-local addresses per RFC3927.
>   * Returns 1 if the address is private or 0 otherwise. */
>  int isipprivate(const struct sockaddr_storage *addr);
>
> =======================================================================
>
> I am attaching the patch file(s) to this report...
>
> Comments, Questions, Complaints, Suggestions? :)
>
> Bill Parker (wp02855 at gmail dot com)
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/