Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Bug]? -iR <num_hosts> on windows XP generates duplicate targets

From: David Fifield <david () bamsoftware com>
Date: Wed, 30 Apr 2008 18:06:55 -0600
On Wed, Apr 30, 2008 at 09:44:42PM +0000, Brandon Enright wrote:

So what this really gets down to is the need to stop using rand() on
Windows.  OpenSSL provides an excellent RNG so if/when OpenSSL gets
integrated into Windows we can side-step this whole issue.

The other (not mutually-exclusive) option available to us is to
implement our own PRNG using Mersenne Twister or some other
high-quality PRNG.  This has a few advantages over what we have right
now:

* Even if OpenSSL isn't compiled in, we'll still have a good RNG source

* We could implement a --seed option to generate the *same* set of IPs
across all operating systems Nmap runs on


This seems unstable to me. The IP generator would need its own random
state to avoid being desynchronized by other things that need random
numbers, like acknowledgement numbers. Two runs could get out of sync
after the first scan group, if a different number of retransmits were
necessary, say.

Even if the IP generator has its own state, you could get different
results across versions because of different reserved IP ranges. That's
not so bad, because any IP address that became reserved would be omitted
in the newer version and replaced by a different IP at the end of the
list. But it means you couldn't count on the same seed giving you the
exact same IP addresses.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: