Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets
From: Fyodor <fyodor () insecure org>
Date: Wed, 23 Apr 2008 20:05:39 -0700

On Thu, Apr 24, 2008 at 01:54:45AM +0000, Brandon Enright wrote:

The problem here is that the rng is being seeded with time every time it
is called.

I don't think it is.  Here is the code with more context:

      if (badrandomwarning == 0) {
        /*      error("WARNING: your system apparently does not offer /dev/urandom or /dev/random.  Reverting to less 
secure version."); */
        /* Seed our random generator */
        gettimeofday(&tv, NULL);
        srand((tv.tv_sec ^ tv.tv_usec) ^ getpid());

badrandomwarning is a static variable.  So this block should only be
called once.  And when I uncomment the error message, I indeed only
see it printed once.

HOWEVER, removing the srand() does seem to fix the issue on Windows.
But I'm not really included to do that unless we have to, because I'd
rather the library not require that of callers.

I just tried removing the /dev/random stuff on Linux, and Linux still
seems to generate good IPs using the same srand()/rand() code.  So it
may be something specific to Windows or maybe their srand()/rand()

I've only had a few minutes to look at this, but it isn't clear what
the problem is.


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]