Nmap Development mailing list archives

Re: ACK is being sent with a sequence of 0 every time.
From: David Fifield <david () bamsoftware com>
Date: Mon, 25 Jun 2012 12:11:03 -0700

On Mon, Jun 25, 2012 at 02:40:59PM -0400, James Rogers wrote:
Still recommending we fix the acks always sending with a 0 sequence
number bug with a patch like this:

jrogers () jrogers-1015PX:~/nmap/source/original/nmap$ svn diff *.cc
Index: scan_engine.cc
--- scan_engine.cc    (revision 29046)
+++ scan_engine.cc    (working copy)
@@ -3369,9 +3369,10 @@
        comes back (possibly incremented) in the ACK field of responses. But if
        our probe has the ACK flag set, the response reflects our own ACK number
        instead. */
-    if (pspec->pd.tcp.flags & TH_ACK)
+    if (pspec->pd.tcp.flags & TH_ACK) {
       ack = seq32_encode(USI, tryno, pingseq);
-    else
+      seq = get_random_u32();
+    } else
       seq = seq32_encode(USI, tryno, pingseq);

     if (pspec->pd.tcp.flags & TH_SYN) {
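Review bot: the new braces cover only the first arm at `if (pspec->pd.tcp.flags & TH_ACK) {` while the arm after `} else` stays unbraced; brace both arms so the two branches read the same way. It would also help to extend the comment above the block (the one ending "the response reflects our own ACK number instead") with one line saying that for ACK-flagged probes the encoded value lives in `ack`, so `seq = get_random_u32();` carries no matching information and is there only to avoid sending a constant zero sequence number; that records why a random value, rather than another `seq32_encode` result, is acceptable here.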

This way when we send an ack we also fill in the seq with something
other than 0.

That's fine with me. Offhand I don't know of any reason not to use
random seqs here. (I guess I don't know any reason not to use all-zero
seqs either.)

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
