Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [PATCH] Prevent execution of unintended Nmap scans when invalid targets are specified.
From: David Fifield <david () bamsoftware com>
Date: Tue, 12 May 2009 11:02:57 -0600

On Thu, May 07, 2009 at 01:31:25AM +0100, jah wrote:
Hi folks,

The command:

nmap #192.168.1.1

will result in a scan against 0.168.1.1.

A command such as
nmap 192.168.1.0/
or
nmap 192.168.1.0/ab
will be interpreted as having a netmask of zero causing nmap to scan the
IPv4 internet (which is fun!).

Nice job. I found some other weird syntax that Nmap supports while I was
working on Ncat --allow and --deny.

http://seclists.org/nmap-dev/2009/q1/0451.html

Thanks, from your report I found that Ncat also took "1.2.3.4/" to mean
"1.2.3.4/0". That is fixed now.

I like the patch but I would like the netmask checking done with strtol
rather than manually checking that every byte is a digit. strtol also
checks for things like overflow. There's a function, parse_long, in
ncat/utils.c that I use to parse integers that shouldn't be allowed to
have a sign or any other accoutrements. ncat/ncat_hostmatch.c has
examples of error checking.

Please feel free to check in your identation fixes separately from the
functional change.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault