PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-05 22:19:03 +00:00
Code Issues Projects Releases Wiki Activity

Remove these condition on probe matching:

Browse Source 
A RST/ACK can only be matched to a SYN or FIN. A bare RST cannot
	be matched to a SYN or FIN.

Matthew Stickney and Joe McEachern found cases where this caused replies
to be missed (specifically, RST/ACK in reponse to a NULL probe) and also
found standards justification for hosts returning RST/ACK in such a
situation.
This commit is contained in:
david
2011-08-25 05:35:03 +00:00
parent 71a3724543
commit 3b500dc8df
2 changed files with 5 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
scan_engine.cc
View File

@@ -2535,21 +2535,12 @@ static bool tcp_probe_match(const UltraScanInfo *USI, const UltraProbe *probe,
/* Make sure we are matching up the right kind of probe, otherwise just the
ports, address, tryno, and pingseq can be ambiguous, between a SYN and an
ACK probe during a -PS80 -PA80 scan for example. A SYN/ACK can only be
matched to a SYN probe. A RST/ACK can only be matched to a SYN or FIN. A
bare RST cannot be matched to a SYN or FIN. */
matched to a SYN probe. */
probedata = &probe->pspec()->pd.tcp;
if ((tcp->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)
&& !(probedata->flags & TH_SYN)) {
return false;
}
if ((tcp->th_flags & (TH_RST | TH_ACK)) == (TH_RST | TH_ACK)
&& !(probedata->flags & (TH_SYN | TH_FIN))) {
return false;
}
if ((tcp->th_flags & (TH_RST | TH_ACK)) == TH_RST
&& (probedata->flags & (TH_SYN | TH_FIN))) {
return false;
}
/* Sometimes we get false results when scanning localhost with -p- because we
scan localhost with src port = dst port and see our outgoing packet and