Re: [nmap-svn] r8541 - nmap
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 1 Jul 2008 00:44:49 +0000
On Mon, 30 Jun 2008 16:55:19 -0700
Kris Katterjohn <katterjohn () gmail com> committed:
> Date: Mon Jun 30 16:55:19 2008
> New Revision: 8541
>
> Adding packet validity checking to readip_pcap() so the caller can
> assume the packet is OK from the get-go rather than running basic
> checks of its own.
>
> This seems to work great after doing what testing I could. It's been
> out on nmap-dev for a couple of weeks without any bad reports (none
> at all for that matter). I reviewed this patch again before
> committing and it looks good as well.
I actually tested this quite a bit but never got a chance to post my
results. I scanned ~50k hosts on campus on all 64k ports. I also
scanned all our IPs on about a dozen ports. I also randomly scanned
200M Internet hosts on a handful of ports before Time Warner threatened
to turn me off.
* Nmap never crashed
* The only errors I triggered were packets with unknown/bad IP options
* I couldn't get any really bad packets back
It seems that most routers won't forward really screwed up IP packets
and since the local router constructs the data-link header most
problems can only show up on the local segment.
I figure someone could set up a local host that deliberately screws up
outgoing frames but overall, I think the patch looks good enough we
don't need to do that kind of testing.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
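
The thread above concerns basic packet validity checking done once in the capture reader, with bad IP options being the only errors seen in testing. As an added illustration (not the code from r8541 and not Nmap's own), the C function below shows the kind of IPv4 header and option-length checks such a reader can apply; `check_ipv4`, `enum ip_check` and the sample packet are hypothetical names, and it assumes the data-link header is already stripped and that truncated captures are rejected.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes for the hypothetical validator below. */
enum ip_check { IP_OK = 0, IP_TOO_SHORT, IP_BAD_VERSION, IP_BAD_IHL,
                IP_BAD_TOTLEN, IP_BAD_OPTION };

/* Constructed sample: IHL=6 (24-byte header) whose option claims length 8. */
static const uint8_t sample_bad_opt[24] = {
    0x46,0,0,24, 0,0,0,0, 64,6,0,0, 10,0,0,1, 10,0,0,2, 0x07,0x08,0,0 };

/* Validate a captured IPv4 packet; caplen is the number of bytes captured. */
enum ip_check check_ipv4(const uint8_t *p, size_t caplen)
{
    if (p == NULL || caplen < 20)
        return IP_TOO_SHORT;          /* no room for a minimal header */
    if ((p[0] >> 4) != 4)
        return IP_BAD_VERSION;
    size_t hlen = (size_t)(p[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > caplen)
        return IP_BAD_IHL;            /* too small, or runs past the capture */
    size_t totlen = ((size_t)p[2] << 8) | p[3];
    if (totlen < hlen || totlen > caplen)
        return IP_BAD_TOTLEN;         /* claims more data than was captured */

    /* Walk the options area: every option must fit inside the header. */
    size_t i = 20;
    while (i < hlen) {
        uint8_t type = p[i];
        if (type == 0)                /* End of Option List */
            break;
        if (type == 1) {              /* No-Operation, single byte */
            i++;
            continue;
        }
        if (i + 1 >= hlen)
            return IP_BAD_OPTION;     /* no room for the length byte */
        uint8_t olen = p[i + 1];
        if (olen < 2 || i + olen > hlen)
            return IP_BAD_OPTION;     /* length too small or overruns header */
        i += olen;
    }
    return IP_OK;
}
```

Unknown option types pass as long as their length byte is consistent with the header, so a caller that needs to reject them must do so separately.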