Nmap Development mailing list archives

Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 1 May 2008 00:14:17 +0000

On Wed, 30 Apr 2008 18:06:55 -0600
David Fifield <david () bamsoftware com> wrote:

> This seems unstable to me. The IP generator would need its own random
> state to avoid being desynchronized by other things that need random
> numbers, like acknowledgement numbers. Two runs could get out of sync
> after the first scan group, if a different number of retransmits were
> necessary, say.
>
> Even if the IP generator has its own state, you could get different
> results across versions because of different reserved IP ranges.
> That's not so bad, because any IP address that became reserved would
> be omitted in the newer version and replaced by a different IP at the
> end of the list. But it means you couldn't count on the same seed
> giving you the exact same IP addresses.
>
> David Fifield

Excellent points which I overlooked.  These are fixable but mean
that implementing --seed is not simply dropping a new PRNG into nbase;
a minor re-design of how -iR works is needed.

Not all is lost though, you can always get the list of IPs you scanned
via a little awk/grep/sed of your output file and then use them later
with -iL.

I'm glad someone around here thinks these things through :-p



Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
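
The awk workaround mentioned in the message above, written out as an added example; it is not code from the thread or from Nmap. It assumes the earlier -iR scan was saved in grepable format (-oG); the function names, file names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: rebuild an -iL target list from a saved grepable (-oG) file,
# so a later run scans the same hosts without needing a repeatable -iR seed.

# extract_targets [FILE...]: print each scanned IPv4 address once, in
# first-seen order. Reads stdin when no file is given.
extract_targets() {
    awk '
        /^#/ { next }                       # Nmap comment and summary lines
        $1 == "Host:" &&
        $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
        !seen[$2]++ { print $2 }            # field 2 is the address; dedupe
    ' "$@"
}

# Constructed sample of grepable output (documentation-range addresses).
# 198.51.100.7 appears twice, as a duplicate -iR target would.
sample_grepable() {
    printf '# Nmap scan initiated (constructed sample): nmap -iR 4 -oG scan.gnmap\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///\n'
    printf 'Host: 198.51.100.7 ()\tStatus: Up\n'
    printf 'Host: 203.0.113.5 ()\tStatus: Up\n'
    printf 'Host: 198.51.100.7 ()\tStatus: Up\n'
    printf '# Nmap done (constructed sample)\n'
}

# Typical use (scan.gnmap and targets.txt are hypothetical file names):
#   extract_targets scan.gnmap > targets.txt
#   nmap -iL targets.txt
sample_grepable | extract_targets
```

Only addresses that have a Host: line in the saved file can be recovered this way; targets that never made it into the output are not in the list.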
