mirror of https://github.com/nmap/nmap.git synced 2025-12-06 12:41:29 +00:00

Ignore supposed replies with nonsense pingseq/tryno.

If we get a reply that doesn't pass the simple comparison using the
current value of USI->seqmask, then ignore it. Previously we emitted the
message "Bad Sequence number from host %s.\n" and allowed the reply to
match any probe. This only matters when using -g because otherwise we
encode that information in the source port. I think we have addressed
what was mentioned in the TODO comment in r15986. Allowing promiscuous
matching, as was done before, causes the same spurious closed port issue
that was addressed in r29686.
david
2012-08-28 14:29:23 +00:00
parent 725692b744
commit f45f2f394e


@@ -2523,15 +2523,10 @@ static bool tcp_probe_match(const UltraScanInfo *USI, const UltraProbe *probe,
} }
if (!goodseq) { if (!goodseq) {
/* TODO: I need to do some testing and find out how often this happens /* Connection info matches, but there was a nonsensical tryno/pingseq. */
and whether other techniques such as the response seq should be
used in those cases where it happens. Then I should make this just
a debugging > X statement. */
if (o.debugging) if (o.debugging)
log_write(LOG_PLAIN, "Bad Sequence number from host %s.\n", inet_ntop_ez(src, sizeof(*src))); log_write(LOG_PLAIN, "Bad Sequence number from host %s.\n", inet_ntop_ez(src, sizeof(*src)));
/* I'll just assume it is a response to this (most recent) probe. */ return false;
tryno = probe->tryno;
pingseq = probe->pingseq;
} }
/* Make sure that trynum and pingseq match the values in the probe. */ /* Make sure that trynum and pingseq match the values in the probe. */
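
Review bot: The debug message in the `!goodseq` branch still reads "Bad Sequence number from host %s." even though the branch now ends in `return false`, so debug output does not tell the reader that the reply was discarded rather than matched. Consider rewording it to say the reply is being ignored. The new comment could also note that this path only matters with -g, as the commit message explains, since that context is otherwise lost once the old TODO is removed.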