From 832f815d33758e4f96439e100962a22f1ffba2df Mon Sep 17 00:00:00 2001
From: david
Date: Sun, 2 Sep 2012 22:47:45 +0000
Subject: [PATCH] Use smartly chosen destination ports instead of o.magic_port in -sO.
Using o.magic_port, which is usually used for our source address, or otherwise is somewhat randomly generated, doesn't make sense here. Instead, use the same destination ports that we use for host discovery: 80 for TCP and SCTP, and 40125 for UDP. http://seclists.org/nmap-dev/2012/q3/663
---
 CHANGELOG | 4 ++++
 scan_engine.cc | 12 ++++++------
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index d01479e7a..d92f8fa92 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o Protocol scan (-sO) probes for TCP, UDP, and SCTP now go to ports
+ 80, 40125, and 80 respectively, instead of being randomly generated
+ or going to the same port as the source port. [David Fifield]
+
 o [NSE] Added msrpc-enum script which queries MSRPC endpoint mapper for available services and their information. [Aleksandar Nikolic]
diff --git a/scan_engine.cc b/scan_engine.cc
index 5083fb995..0c3f0cf50 100644
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -3270,7 +3270,7 @@ static u8 *build_protoscan_packet(const struct sockaddr_storage *src,
 case IPPROTO_TCP:
 packet = build_tcp_raw(&src_in->sin_addr, &dst_in->sin_addr,
 o.ttl, ipid, IP_TOS_DEFAULT, false, o.ipoptions, o.ipoptionslen,
- sport, o.magic_port, get_random_u32(), get_random_u32(), 0, TH_ACK, 0, 0, NULL, 0,
+ sport, DEFAULT_TCP_PROBE_PORT, get_random_u32(), get_random_u32(), 0, TH_ACK, 0, 0, NULL, 0,
 o.extra_payload, o.extra_payload_length, packetlen);
 break;
 case IPPROTO_ICMP:
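Review bot: The per-protocol destination port is now a compile-time constant, but the choice is spelled out separately at six call sites — this TCP case and the sibling hunks at 3288, 3298, 3319, 3331 and 3340 — so the IPv4 and IPv6 probes for one protocol can drift apart without anyone noticing. A small static helper that maps the protocol to its port (sketched below; `u16` is assumed to match the `dport` parameter of the `build_*_raw` helpers, and `proto` stands for whatever the enclosing switch dispatches on) gives the choice a single home and a place for a why-comment. That comment should also record what the description only implies: these are the compiled-in host-discovery defaults and a user-supplied host-discovery port list is not consulted here, e.g. `/* Fixed destination ports: the compiled-in host-discovery defaults, not o.magic_port (our source port, or random) and not any user-specified ping port list. */`. build_protoscan_packet's body extends beyond the hunk on both sides.
```cpp
/* Destination port for a protocol-scan (-sO) probe of IP protocol proto.
 * These are the compiled-in host-discovery defaults; a user-specified
 * ping port list is deliberately not consulted. */
static u16 protoscan_dport(u8 proto) {
  switch (proto) {
  case IPPROTO_TCP:
    return DEFAULT_TCP_PROBE_PORT;
  case IPPROTO_UDP:
    return DEFAULT_UDP_PROBE_PORT;
  case IPPROTO_SCTP:
    return DEFAULT_SCTP_PROBE_PORT;
  default:
    return 0; /* ICMP and other protocols carry no port */
  }
}

// … unchanged: build_protoscan_packet up to the address-family dispatch …
  u16 dport = protoscan_dport(proto);
// … unchanged: each build_*_raw / build_*_raw_ipv6 call then passes `sport, dport, …` …
```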
@@ -3288,7 +3288,7 @@ static u8 *build_protoscan_packet(const struct sockaddr_storage *src,
 case IPPROTO_UDP:
 packet = build_udp_raw(&src_in->sin_addr, &dst_in->sin_addr,
 o.ttl, ipid, IP_TOS_DEFAULT, false, o.ipoptions, o.ipoptionslen,
- sport, o.magic_port,
+ sport, DEFAULT_UDP_PROBE_PORT,
 o.extra_payload, o.extra_payload_length, packetlen);
 break;
 case IPPROTO_SCTP: {
@@ -3298,7 +3298,7 @@ static u8 *build_protoscan_packet(const struct sockaddr_storage *src,
 get_random_u32() /*itag*/, 32768, 10, 2048, get_random_u32() /*itsn*/);
 packet = build_sctp_raw(&src_in->sin_addr, &dst_in->sin_addr,
 o.ttl, ipid, IP_TOS_DEFAULT, false, o.ipoptions, o.ipoptionslen,
- sport, o.magic_port, 0UL, (char*) &chunk, sizeof(chunk),
+ sport, DEFAULT_SCTP_PROBE_PORT, 0UL, (char*) &chunk, sizeof(chunk),
 o.extra_payload, o.extra_payload_length, packetlen);
 }
 break;
@@ -3319,7 +3319,7 @@ static u8 *build_protoscan_packet(const struct sockaddr_storage *src,
 case IPPROTO_TCP:
 packet = build_tcp_raw_ipv6(&src_in6->sin6_addr, &dst_in6->sin6_addr,
 0, ipid, o.ttl,
- sport, o.magic_port, get_random_u32(), get_random_u32(), 0, TH_ACK, 0, 0, NULL, 0,
+ sport, DEFAULT_TCP_PROBE_PORT, get_random_u32(), get_random_u32(), 0, TH_ACK, 0, 0, NULL, 0,
 o.extra_payload, o.extra_payload_length, packetlen);
 break;
 case IPPROTO_ICMPV6:
@@ -3331,7 +3331,7 @@ static u8 *build_protoscan_packet(const struct sockaddr_storage *src,
 case IPPROTO_UDP:
 packet = build_udp_raw_ipv6(&src_in6->sin6_addr, &dst_in6->sin6_addr,
 0, ipid, o.ttl,
- sport, o.magic_port,
+ sport, DEFAULT_UDP_PROBE_PORT,
 o.extra_payload, o.extra_payload_length, packetlen);
 break;
 case IPPROTO_SCTP: {
@@ -3340,7 +3340,7 @@ static u8 *build_protoscan_packet(const struct sockaddr_storage *src,
 get_random_u32() /*itag*/, 32768, 10, 2048, get_random_u32() /*itsn*/);
 packet = build_sctp_raw_ipv6(&src_in6->sin6_addr, &dst_in6->sin6_addr,
 0, ipid, o.ttl,
- sport, o.magic_port, 0UL, (char*) &chunk, sizeof(chunk),
+ sport, DEFAULT_SCTP_PROBE_PORT, 0UL, (char*) &chunk, sizeof(chunk),
 o.extra_payload, o.extra_payload_length, packetlen);
 }
 break;