Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [nmap-svn] r8541 - nmap
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 1 Jul 2008 00:44:49 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 30 Jun 2008 16:55:19 -0700
Kris Katterjohn <katterjohn () gmail com> committed:

Author: kris
Date: Mon Jun 30 16:55:19 2008
New Revision: 8541

Modified:
   nmap/idle_scan.cc
   nmap/osscan2.cc
   nmap/scan_engine.cc
   nmap/tcpip.cc
   nmap/tcpip.h
   nmap/traceroute.cc

Log:
Adding packet validity checking to readip_pcap() so the caller can
assume the packet is OK from the get-go rather than running basic
checks of it's own.

...snip...

This seems to work great after doing what testing I could.  It's been
out on nmap-dev for a couple of weeks without any bad reports (none
at all for that matter).  I reviewed this patch again before
committing and it looks good as well.


I actually tested this quite a bit but never got a chance to post my
results.  I scanned ~50k hosts on campus on all 64k ports.  I also
scanned all our IPs on a about a dozen ports.  I also randomly scanned
200M Internet hosts on a handful of ports before Time Warner threatened
to turn me off.

The results:

* Nmap never crash
* The only errors I triggered were packets with unknown/bad IP options
* I couldn't get any really bad packets back

It seems that most routers won't forward really screwed up IP packets
and since the local router constructs the data-link header most
problems can only show up on the local segment.

I figure someone could setup a local host that deliberately screws up
outgoing frames but overall, I think the patch looks good enough we
don't need to do that kind of testing.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkhpfggACgkQqaGPzAsl94Is/ACgnisHWYQNT4kj2UR6JNEmFJHN
AxQAnAzEcBfUZ53qPTiM45cmufLzL0dt
=I7Dm
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]