-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 30 Jun 2008 16:55:19 -0700
Kris Katterjohn <katterjohn_at_gmail.com> committed:
> Author: kris
> Date: Mon Jun 30 16:55:19 2008
> New Revision: 8541
>
> Modified:
> nmap/idle_scan.cc
> nmap/osscan2.cc
> nmap/scan_engine.cc
> nmap/tcpip.cc
> nmap/tcpip.h
> nmap/traceroute.cc
>
> Log:
> Adding packet validity checking to readip_pcap() so the caller can
> assume the packet is OK from the get-go rather than running basic
> checks of its own.
>
...snip...
>
> This seems to work great after doing what testing I could. It's been
> out on nmap-dev for a couple of weeks without any bad reports (none
> at all for that matter). I reviewed this patch again before
> committing and it looks good as well.
>
I actually tested this quite a bit but never got a chance to post my
results. I scanned ~50k hosts on campus on all 64k ports. I also
scanned all our IPs on about a dozen ports. I also randomly scanned
200M Internet hosts on a handful of ports before Time Warner threatened
to turn me off.
The results:
* Nmap never crashed
* The only errors I triggered were packets with unknown/bad IP options
* I couldn't get any really bad packets back
It seems that most routers won't forward really screwed up IP packets,
and since the local router constructs the data-link header most
problems can only show up on the local segment.
I figure someone could set up a local host that deliberately screws up
outgoing frames but overall, I think the patch looks good enough we
don't need to do that kind of testing.
Brandon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iEYEARECAAYFAkhpfggACgkQqaGPzAsl94Is/ACgnisHWYQNT4kj2UR6JNEmFJHN
AxQAnAzEcBfUZ53qPTiM45cmufLzL0dt
=I7Dm
-----END PGP SIGNATURE-----
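The commit message above describes a validity check added to readip_pcap(), but the patch itself is snipped from this archived message. The following is an added example, written for this page and not Nmap's own code, of the kind of IPv4 header checks a function in that position performs on a packet handed back by pcap before any caller touches it: captured length, version nibble, IHL, total length, header checksum, and the length field of each IP option. It checks option length consistency rather than rejecting unknown option kinds, so it would pass the unknown-but-well-formed options and reject the malformed ones. The names ip_packet_check, ip_options_ok, fill_header and the result codes are assumptions for this example, and the sample packets are constructed inline (the link-layer header is assumed to have been stripped by the caller).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Result codes for ip_packet_check(). Hypothetical names, not Nmap's. */
enum ipcheck {
    IP_OK = 0,
    IP_TOO_SHORT,      /* fewer than 20 bytes were captured */
    IP_BAD_VERSION,    /* version nibble is not 4 */
    IP_BAD_IHL,        /* header length < 20 or longer than the capture */
    IP_BAD_TOTLEN,     /* total length smaller than the header itself */
    IP_BAD_CSUM,       /* header checksum does not verify */
    IP_BAD_OPTION      /* an option length field is inconsistent */
};

/* RFC 1071 one's-complement sum over `len` bytes. Summing a header that
 * includes its own valid checksum field yields 0xffff. */
static uint16_t ip_header_cksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)(hdr[i] << 8 | hdr[i + 1]);
    if (len & 1)
        sum += (uint32_t)hdr[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Walk the option bytes that follow the fixed 20-byte header.
 * Returns 0 when every option's length field fits in the header. */
static int ip_options_ok(const uint8_t *opts, size_t optlen)
{
    size_t off = 0;
    uint8_t kind, len;
    while (off < optlen) {
        kind = opts[off];
        if (kind == 0)              /* End of Option List */
            return 0;
        if (kind == 1) {            /* No Operation: one byte, no length */
            off++;
            continue;
        }
        if (off + 1 >= optlen)      /* length byte missing */
            return -1;
        len = opts[off + 1];        /* counts kind and length bytes too */
        if (len < 2 || off + len > optlen)
            return -1;
        off += len;
    }
    return 0;
}

/* Validate a captured IPv4 packet. `caplen` is what pcap actually captured,
 * starting at the IP header. Returns IP_OK or the first problem found. */
enum ipcheck ip_packet_check(const uint8_t *pkt, size_t caplen)
{
    size_t ihl, totlen;
    if (caplen < 20)
        return IP_TOO_SHORT;
    if ((pkt[0] >> 4) != 4)
        return IP_BAD_VERSION;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > caplen)
        return IP_BAD_IHL;
    totlen = (size_t)pkt[2] << 8 | pkt[3];
    if (totlen < ihl)
        return IP_BAD_TOTLEN;
    /* totlen > caplen is tolerated: a short snaplen truncates payload, and
     * the header itself is known to be complete because ihl <= caplen. */
    if (ip_header_cksum(pkt, ihl) != 0xffff)
        return IP_BAD_CSUM;
    if (ihl > 20 && ip_options_ok(pkt + 20, ihl - 20) != 0)
        return IP_BAD_OPTION;
    return IP_OK;
}

/* Constructed test data: a TCP header-less 10.0.0.1 -> 10.0.0.2 datagram
 * with the given IHL (in 32-bit words), options and a correct checksum. */
static void fill_header(uint8_t *buf, uint8_t ihl_words, uint16_t totlen,
                        const uint8_t *opts, size_t optlen)
{
    size_t hlen = (size_t)ihl_words * 4;
    uint16_t c;
    memset(buf, 0, hlen);
    buf[0] = (uint8_t)(0x40 | ihl_words);
    buf[2] = (uint8_t)(totlen >> 8); buf[3] = (uint8_t)(totlen & 0xff);
    buf[8] = 64;                      /* TTL */
    buf[9] = 6;                       /* protocol: TCP */
    buf[12] = 10; buf[15] = 1;        /* source 10.0.0.1 (constructed) */
    buf[16] = 10; buf[19] = 2;        /* destination 10.0.0.2 (constructed) */
    if (optlen) memcpy(buf + 20, opts, optlen);
    c = (uint16_t)~ip_header_cksum(buf, hlen);
    buf[10] = (uint8_t)(c >> 8); buf[11] = (uint8_t)(c & 0xff);
}

/* Scenarios, each returning the verdict so it can be checked by name. */
enum ipcheck demo_plain(void)
{   uint8_t p[40] = {0}; fill_header(p, 5, 40, NULL, 0); return ip_packet_check(p, 40); }
enum ipcheck demo_router_alert(void)       /* kind 148, len 4: well-formed option */
{   uint8_t o[4] = {0x94, 0x04, 0, 0}, p[24]; fill_header(p, 6, 24, o, 4); return ip_packet_check(p, 24); }
enum ipcheck demo_bad_option(void)         /* len 9 overruns the 4 option bytes */
{   uint8_t o[4] = {0x94, 0x09, 0, 0}, p[24]; fill_header(p, 6, 24, o, 4); return ip_packet_check(p, 24); }
enum ipcheck demo_bad_ihl(void)            /* IHL 3 words: header shorter than 20 */
{   uint8_t p[20]; fill_header(p, 5, 20, NULL, 0); p[0] = 0x43; return ip_packet_check(p, 20); }
enum ipcheck demo_bad_csum(void)           /* TTL changed after checksum was set */
{   uint8_t p[20]; fill_header(p, 5, 20, NULL, 0); p[8] = 65; return ip_packet_check(p, 20); }
enum ipcheck demo_too_short(void)          /* only 12 bytes captured */
{   uint8_t p[20]; fill_header(p, 5, 20, NULL, 0); return ip_packet_check(p, 12); }

int main(void)
{
    printf("plain=%d router_alert=%d bad_option=%d bad_ihl=%d bad_csum=%d too_short=%d\n",
           demo_plain(), demo_router_alert(), demo_bad_option(),
           demo_bad_ihl(), demo_bad_csum(), demo_too_short());
    return 0;
}
```

The order of the checks matters: IHL is validated against the captured length before the checksum is summed, so the checksum loop never reads past the buffer, and options are only walked once the header is known to be complete and intact. That ordering is what lets a caller treat IP_OK as "safe to index into this header" without repeating the bounds checks itself, which is the point the commit message makes.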
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Jun 30 2008