
Ports are now considered open during a SYN scan if a SYN packet (without the ACK

flag) is received in response. This can be due to an extremely rare TCP feature
known as a simultaneous open or split handshake connection.
See http://nmap.org/misc/split-handshake.pdf for details.
Added a reason code: ER_SYN and associated reason string: "split-handshake-syn".
This commit is contained in:
jah
2010-06-08 01:50:45 +00:00
parent 77ef606d52
commit a17609e6b4
4 changed files with 21 additions and 10 deletions


@@ -1,5 +1,12 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o Ports are now considered open during a SYN scan if a SYN packet
(without the ACK flag) is received in response. This can be due to
an extremely rare TCP feature known as a simultaneous open or split
handshake connection. see http://nmap.org/misc/split-handshake.pdf
Added a reason code: ER_SYN and associated reason string:
"split-handshake-syn".
o [NSE] Fixed a bug in qscan.nse which gave an error if a confidence o [NSE] Fixed a bug in qscan.nse which gave an error if a confidence
level of 0.9995 was used. Thanks to Marcin Hoffmann for noticing level of 0.9995 was used. Thanks to Marcin Hoffmann for noticing
the problem. [Kris] the problem. [Kris]


@@ -106,8 +106,8 @@ class PortList;
/* Possible plural and singular reasons */ /* Possible plural and singular reasons */
const char *reason_text[ER_MAX+1]={ const char *reason_text[ER_MAX+1]={
"reset", "conn-refused", "syn-ack", "syn-ack", "udp-response", "reset", "conn-refused", "syn-ack", "syn-ack", "split-handshake-syn",
"proto-response", "perm-denied", "udp-response", "proto-response", "perm-denied",
"net-unreach", "host-unreach", "proto-unreach", "net-unreach", "host-unreach", "proto-unreach",
"port-unreach", "echo-reply", "unknown", "unknown", "dest-unreach", "port-unreach", "echo-reply", "unknown", "unknown", "dest-unreach",
"source-quench", "net-prohibited", "host-prohibited", "unknown", "source-quench", "net-prohibited", "host-prohibited", "unknown",
@@ -119,8 +119,8 @@ const char *reason_text[ER_MAX+1]={
}; };
const char *reason_pl_text[ER_MAX+1]={ const char *reason_pl_text[ER_MAX+1]={
"resets", "conn-refused", "syn-acks", "syn-acks", "udp-responses", "resets", "conn-refused", "syn-acks", "syn-acks", "split-handshake-syns",
"proto-responses", "perm-denieds", "udp-responses", "proto-responses", "perm-denieds",
"net-unreaches", "host-unreaches", "proto-unreaches", "net-unreaches", "host-unreaches", "proto-unreaches",
"port-unreaches", "echo-replies", "unknowns", "unknowns", "dest-unreaches", "port-unreaches", "echo-replies", "unknowns", "unknowns", "dest-unreaches",
"source-quenches", "net-prohibiteds", "host-prohibiteds", "unknowns", "source-quenches", "net-prohibiteds", "host-prohibiteds", "unknowns",
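Review bot: The new "split-handshake-syn" and "split-handshake-syns" entries are inserted positionally, and nothing in this file records that slot 4 is meant to be ER_SYN, so the only guard against reason_text and reason_pl_text drifting from enum reason_codes is the sync comment in portreasons.h, which names a `reason_str` that matches neither table. A one-line comment at the insertion point would help whoever next shifts the table, e.g. `/* index 4: ER_SYN -- keep in step with enum reason_codes in portreasons.h */`, on both tables. Both hunks in this file share the point; the two arrays continue past the end of each hunk.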


@@ -127,19 +127,19 @@ typedef struct port_reason_summary {
/* portreasons.h:reason_codes and portreasons.cc:reason_str must stay in sync */ /* portreasons.h:reason_codes and portreasons.cc:reason_str must stay in sync */
enum reason_codes { enum reason_codes {
ER_RESETPEER=0, ER_CONREFUSED, ER_CONACCEPT, ER_RESETPEER=0, ER_CONREFUSED, ER_CONACCEPT,
ER_SYNACK, ER_UDPRESPONSE, ER_PROTORESPONSE, ER_ACCES, /* 7 */ ER_SYNACK, ER_SYN, ER_UDPRESPONSE, ER_PROTORESPONSE, ER_ACCES, /* 8 */
ER_NETUNREACH, ER_HOSTUNREACH, ER_PROTOUNREACH, ER_NETUNREACH, ER_HOSTUNREACH, ER_PROTOUNREACH,
ER_PORTUNREACH, ER_ECHOREPLY, /* 11 */ ER_PORTUNREACH, ER_ECHOREPLY, /* 12 */
ER_DESTUNREACH=14, ER_SOURCEQUENCH, ER_NETPROHIBITED, ER_DESTUNREACH=14, ER_SOURCEQUENCH, ER_NETPROHIBITED,
ER_HOSTPROHIBITED, ER_ADMINPROHIBITED=20, ER_HOSTPROHIBITED, ER_ADMINPROHIBITED=20,
ER_TIMEEXCEEDED=22, ER_TIMESTAMPREPLY=25, ER_TIMEEXCEEDED=22, ER_TIMESTAMPREPLY=25,
ER_ADDRESSMASKREPLY=29, ER_NOIPIDCHANGE, ER_IPIDCHANGE, ER_ADDRESSMASKREPLY=30, ER_NOIPIDCHANGE, ER_IPIDCHANGE,
ER_ARPRESPONSE, ER_TCPRESPONSE, ER_NORESPONSE, ER_ARPRESPONSE, ER_TCPRESPONSE, ER_NORESPONSE,
ER_INITACK, ER_ABORT, ER_INITACK, ER_ABORT,
ER_LOCALHOST, ER_SCRIPT, ER_UNKNOWN, ER_USER, ER_MAX=ER_USER /* 41 */ ER_LOCALHOST, ER_SCRIPT, ER_UNKNOWN, ER_USER, ER_MAX=ER_USER /* 42 */
}; };
/* Be careful to update these values if any ICMP /* Be careful to update these values if any ICMP
@@ -147,8 +147,8 @@ enum reason_codes {
* *
* ICMP ER_* codes are calculated by adding the * ICMP ER_* codes are calculated by adding the
* offsets below to an ICMP packets code/type value */ * offsets below to an ICMP packets code/type value */
#define ER_ICMPCODE_MOD 7 #define ER_ICMPCODE_MOD 8
#define ER_ICMPTYPE_MOD 11 #define ER_ICMPTYPE_MOD 12
/* passed to the print_state_summary. /* passed to the print_state_summary.
* STATE_REASON_EMPTY will append to the current line, prefixed with " because of" * STATE_REASON_EMPTY will append to the current line, prefixed with " because of"
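Review bot: The explicitly numbered enumerators in enum reason_codes are now out of step with the offsets and tables this commit changes: ER_ICMPTYPE_MOD moves from 11 to 12 and ER_ICMPCODE_MOD from 7 to 8, and the new reason_text in portreasons.cc puts "dest-unreach" at index 15 and "net-prohibited" at 17, yet ER_DESTUNREACH stays 14, ER_ADMINPROHIBITED 20, ER_TIMEEXCEEDED 22 and ER_TIMESTAMPREPLY 25 (with ER_SOURCEQUENCH, ER_NETPROHIBITED and ER_HOSTPROHIBITED following from 14); only ER_ADDRESSMASKREPLY was bumped to 30. Under the rule stated just below the enum (ICMP ER_* codes = type/code + offset), ICMP type 3 now yields 15 while ER_DESTUNREACH is 14, so any code that compares a reason against these enumerators or indexes reason_text with them will see the neighbouring entry (ER_DESTUNREACH reads "unknown"); the callers are not visible here. The three lines should read `ER_DESTUNREACH=15, ER_SOURCEQUENCH, ER_NETPROHIBITED,`, `ER_HOSTPROHIBITED, ER_ADMINPROHIBITED=21,` and `ER_TIMEEXCEEDED=23, ER_TIMESTAMPREPLY=26,`, which restores the arithmetic (3+12=15, 9+8=17, 13+8=21, 11+12=23, 14+12=26) and matches the already-bumped ER_ADDRESSMASKREPLY=30.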


@@ -4102,6 +4102,10 @@ static bool get_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
/* Yeah! An open port */ /* Yeah! An open port */
newstate = PORT_OPEN; newstate = PORT_OPEN;
current_reason = ER_SYNACK; current_reason = ER_SYNACK;
} else if (USI->scantype == SYN_SCAN && tcp->th_flags == TH_SYN) {
/* A SYN from a TCP Split Handshake - open port */
newstate = PORT_OPEN;
current_reason = ER_SYN;
} else if (tcp->th_flags & TH_RST) { } else if (tcp->th_flags & TH_RST) {
current_reason = ER_RESETPEER; current_reason = ER_RESETPEER;
if (USI->scantype == WINDOW_SCAN ) { if (USI->scantype == WINDOW_SCAN ) {
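Review bot: The new branch tests `tcp->th_flags == TH_SYN` by exact equality, so a bare SYN that also carries ECN setup bits (ECE/CWR) or any other extra flag is not classified here and falls through to the later branches; the condition of the SYN|ACK branch immediately above is outside the hunk, so if that one masks rather than compares exactly, the two tests are inconsistent. Either document the choice, e.g. `/* exact match on purpose: only a plain SYN counts as a split-handshake reply */`, or mask the bits that do not matter before comparing, e.g. `(tcp->th_flags & (TH_SYN | TH_ACK | TH_RST)) == TH_SYN`, whichever agrees with the branch above. get_pcap_result both starts and ends outside the hunk.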