Start sending a valid encapsulated header with IP-in-IP with -sO. Hosts respond more when a valid header is sent. I kept getting open|filtered for this, and now I get open. It's a lot like my IGMP patch from r4361

2025-12-15 04:09:01 +00:00 · 2007-01-27 04:36:24 +00:00
parent 71ed5177c4
commit 1e3760a397
2 changed files with 21 additions and 3 deletions
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -2203,6 +2203,23 @@ static UltraProbe *sendIPScanProbe(UltraScanInfo *USI, HostScanStats *hss,
 			       &packetlen);

 	break;
+      case IPPROTO_IPIP:
+	/* This is our inner IP header, followed by data */
+	packet = build_ip_raw(&o.decoys[decoy], hss->target->v4hostip(),
+			      IPPROTO_TCP, /* fake it */
+			      o.ttl, ipid, IP_TOS_DEFAULT, false,
+			      o.ipoptions, o.ipoptionslen,
+			      o.extra_payload, o.extra_payload_length, 
+			      &packetlen);
+
+	/* This is our outer IP header, followed by the inner header above */
+	packet = build_ip_raw(&o.decoys[decoy], hss->target->v4hostip(),
+			      pspec->proto,
+			      o.ttl, ipid, IP_TOS_DEFAULT, false,
+			      o.ipoptions, o.ipoptionslen,
+			      (char *) packet, packetlen,
+			      &packetlen);
+	break;
      default:
 	packet = build_ip_raw(&o.decoys[decoy], hss->target->v4hostip(),
 			      pspec->proto,