Nmap Development mailing list archives

Another anomaly: negative distances


From: David Fifield <david () bamsoftware com>
Date: Wed, 20 Jun 2007 13:52:31 -0600

After writing my last message
(http://seclists.org/nmap-dev/2007/q2/0455.html) I realized that
negative network distances are possible too. Just change the firewall
rule to something greater than 64:
        # iptables -t mangle -I POSTROUTING -o eth0 -j TTL --ttl-set 100

There are a few submissions with negative distances. I saw values of
-85, -96, -99, -100, and -104.

r4953 in /nmap-exp/soc07/nmap makes Nmap mark such fingerprints as
unsuitable for submission. There is one small loophole, which is that if
a distance of -1 is calculated it is treated as if the distance is
unknown. This is because the distance is initialized to -1, which is
taken to mean an unknown distance by other parts of the code. I didn't
think it worth the extra code to detect this case, which I think will be
quite uncommon.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
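
Added example (not part of the original message, and not Nmap's own code): a minimal C model of the -1 loophole described above, with a variant that tracks "measured" separately from the value. It assumes distance is calculated as the TTL the scanner chose for its probe minus the TTL the target saw; all function names and TTL values are constructed for illustration.

```c
#include <stdio.h>

#define DIST_UNKNOWN (-1) /* sentinel: "distance not measured" */

enum verdict { DIST_OK, DIST_NOT_MEASURED, DIST_ANOMALOUS };

/* TTL the target sees after `hops` decrements. ttl_set > 0 models a local
 * mangle rule overwriting the TTL the scanner chose (assumed model). */
int ttl_at_target(int probe_ttl, int ttl_set, int hops) {
    return (ttl_set > 0 ? ttl_set : probe_ttl) - hops;
}

/* Assumed calculation: TTL the scanner believes it sent minus TTL seen. */
int calc_distance(int probe_ttl, int seen_ttl) {
    return probe_ttl - seen_ttl;
}

/* Sentinel-based check: a calculated -1 cannot be told apart from unknown. */
enum verdict classify_sentinel(int distance) {
    if (distance == DIST_UNKNOWN) return DIST_NOT_MEASURED;
    return distance < 0 ? DIST_ANOMALOUS : DIST_OK;
}

/* Alternative that closes the loophole: carry "measured" separately. */
struct distance { int measured; int hops; };

enum verdict classify_flagged(struct distance d) {
    if (!d.measured) return DIST_NOT_MEASURED;
    return d.hops < 0 ? DIST_ANOMALOUS : DIST_OK;
}

int main(void) {
    /* Constructed cases: {probe TTL, rewritten TTL (0 = none), hops}. */
    int cases[][3] = { {59, 0, 10}, {59, 100, 10}, {59, 64, 4} };
    for (int i = 0; i < 3; i++) {
        int seen = ttl_at_target(cases[i][0], cases[i][1], cases[i][2]);
        int d = calc_distance(cases[i][0], seen);
        struct distance f = { 1, d };
        printf("distance=%4d sentinel=%d flagged=%d\n",
               d, classify_sentinel(d), classify_flagged(f));
    }
    return 0;
}
```

The third case yields a calculated distance of exactly -1: the sentinel check reports it as not measured, while the flagged variant reports it as anomalous.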

