
Nmap Development mailing list archives
OS fingerprinting bug
From: William Robertson <wkr () cs ucsb edu>
Date: Thu, 25 Apr 2002 18:53:51 -0700
Apologies if this is a repeat, but I don't think my previous mail made it to the list.

Anyway, I believe I've found a bug in the OS fingerprinting routine in nmap. Specifically, if you're scanning a machine which responds to all of the tests (T1-T7 and PU), nmap will drop a response (usually the ICMP port unreachable datagram). This happens because testsleft is set to 7 if an open port was found, and the routine breaks out of the receive loop when testsleft == 0. However, since there are 8 tests, if a machine responds to all of them, the last response received is picked up in the TCP sequencing receive loop instead.

The attached patch is against nmap 2.54BETA32.

--
| William Robertson | "10000101110110111000010110000110" -- /dev/random |
| wkr () cs ucsb edu | 2F56 8B0E E97E 3136 C4B6 6B89 4088 75B8 90A3 BED4 |
Attachment: nmap-2.54BETA32-testsleft.diff
Description:
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
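The off-by-one the report describes, as an added illustration that is not nmap source and not the attached patch: a receive loop that exits once a hard-coded count of outstanding tests reaches zero will leave the eighth reply unread when a host answers all eight probes, and whichever loop receives next will pick that stray datagram up. The model below is constructed for this page; the probe table, the PROBES_SENT flags, count_sent(), drain_responses() and the demo_* helpers are all assumptions made here, and the arrival order is a constructed example in which the ICMP port-unreachable reply to PU lands last. Deriving the counter from the number of probes actually sent, rather than from a literal, is the general way to keep the two from drifting apart.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model (not nmap code): eight fingerprinting probes, T1..T7
 * and PU, are sent, and a counter of tests still outstanding decides when
 * the receive loop stops reading replies. */
enum { NUM_TESTS = 8 };
static const char *const TEST_NAMES[NUM_TESTS] =
    { "T1", "T2", "T3", "T4", "T5", "T6", "T7", "PU" };

/* Hypothetical flags recording which probes were actually sent. */
static const int PROBES_SENT[NUM_TESTS] = { 1, 1, 1, 1, 1, 1, 1, 1 };

/* Constructed arrival order: the host answers every probe, and the ICMP
 * port-unreachable reply to PU (index 7) arrives last. */
static const int ARRIVALS[NUM_TESTS] = { 0, 1, 2, 3, 4, 5, 6, 7 };

/* Derive the outstanding-test counter from the send side, so a literal
 * cannot fall out of step with the number of probes on the wire. */
int count_sent(const int sent[NUM_TESTS])
{
    int n = 0;
    for (int i = 0; i < NUM_TESTS; i++)
        n += sent[i] ? 1 : 0;
    return n;
}

/* Drain a queue of replies (test indices, in arrival order) until
 * `testsleft` reaches 0 or the queue is empty.  Marks seen[] for each test
 * that got an answer and returns the number of replies consumed; anything
 * left in the queue is what the next receive loop would read by mistake. */
int drain_responses(const int *queue, int qlen, int testsleft, int seen[NUM_TESTS])
{
    int consumed = 0;
    memset(seen, 0, sizeof(int) * NUM_TESTS);
    while (consumed < qlen && testsleft > 0) {
        int t = queue[consumed++];
        if (t >= 0 && t < NUM_TESTS && !seen[t]) {
            seen[t] = 1;
            testsleft--;
        }
    }
    return consumed;
}

/* How many of the constructed arrivals a loop with this counter consumes. */
int demo_consumed(int testsleft)
{
    int seen[NUM_TESTS];
    return drain_responses(ARRIVALS, NUM_TESTS, testsleft, seen);
}

/* Whether the PU reply was read (1) or left in the queue (0). */
int demo_pu_seen(int testsleft)
{
    int seen[NUM_TESTS];
    drain_responses(ARRIVALS, NUM_TESTS, testsleft, seen);
    return seen[7];
}

int main(void)
{
    /* Hard-coded counter of 7, as in the report: the PU reply is left over. */
    printf("testsleft=7: consumed %d of %d, %s %s\n", demo_consumed(7),
           NUM_TESTS, TEST_NAMES[7],
           demo_pu_seen(7) ? "seen" : "left in queue");

    /* Counter derived from the probes sent: all eight replies are consumed. */
    int n = count_sent(PROBES_SENT);
    printf("testsleft=%d: consumed %d of %d, %s %s\n", n, demo_consumed(n),
           NUM_TESTS, TEST_NAMES[7],
           demo_pu_seen(n) ? "seen" : "left in queue");
    return 0;
}
```

With the counter fixed at 7 the loop returns after seven replies and the PU answer stays queued; with the counter computed from the send flags it reads all eight. The same drift would reappear if a ninth probe were added later and the literal were not updated, which is why the counter belongs next to the code that sends.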
Current thread:
- OS fingerprinting bug, William Robertson (Apr 25)
- Re: OS fingerprinting bug, Fyodor (Apr 26)