Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets
From: David Fifield <david () bamsoftware com>
Date: Wed, 30 Apr 2008 18:06:55 -0600

On Wed, Apr 30, 2008 at 09:44:42PM +0000, Brandon Enright wrote:
So what this really gets down to is the need to stop using rand() on
Windows.  OpenSSL provides an excellent RNG so if/when OpenSSL gets
integrated into Windows we can side-step this whole issue.

The other (not mutually-exclusive) option available to us is to
implement our own PRNG using Mersenne Twister or some other
high-quality PRNG.  This has a few advantages over what we have right

* Even if OpenSSL isn't compiled in, we'll still have a good RNG source

* We could implement a --seed option to generate the *same* set of IPs
across all operating systems Nmap runs on

This seems unstable to me. The IP generator would need its own random
state to avoid being desynchronized by other things that need random
numbers, like acknowledgement numbers. Two runs could get out of sync
after the first scan group, if a different number of retransmits were
necessary, say.

Even if the IP generator has its own state, you could get different
results across versions because of different reserved IP ranges. That's
not so bad, because any IP address that became reserved would be omitted
in the newer version and replaced by a different IP at the end of the
list. But it means you couldn't count on the same seed giving you the
exact same IP addresses.

David Fifield

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]