Nmap Development mailing list archives
Re: patch: force sport=udp/500 when dport=udp/500 (fwd)
From: Brett Eldridge <beldridg () pobox com>
Date: Sun, 5 May 2002 07:36:10 -0700 (PDT)
hi, fyodor recommended i post this message here instead of nmap-hackers (my original message is below and then a copy of fyodor's mail follows with some comments about the patch itself).

- brett

---------- Original message --------

most isakmpd implementations use a sport=udp/500 for IKE. this patch forces that behavior instead of using an ephemeral udp port.

the RFCs are pretty unclear as to whether the initiator must use a source port of udp/500 but i've never witnessed a system that didn't use it by default.

thoughts? outcries?

- brett

--- nmap-2.54BETA33/tcpip.c Sat Apr 20 17:20:09 2002 +++ nmap-2.54BETA33-mod/tcpip.c Fri May 3 14:40:53 2002 @@ -541,6 +541,12 @@ udp->uh_dport = htons(dport); udp->uh_ulen = htons(8 + datalen); +/* RFC 2408 implies udp sport of 500, but isn't totally clear. Most + daemons use sport==500. IKEv2 will change this for NAT support */ +if ( dport == 500 ) { + udp->uh_sport = udp->uh_dport; +} + /* We should probably copy the data over too */ if (data) memcpy(packet + sizeof(struct ip) + sizeof(udphdr_bsd), data, datalen);

---------- Forwarded message ----------
Date: Sun, 5 May 2002 03:14:19 -0700
From: Fyodor <fyodor () insecure org>
To: Brett Eldridge <beldridg () pobox com>
Subject: Re: patch: force sport=udp/500 when dport=udp/500

On Fri, May 03, 2002 at 02:46:34PM -0700, Brett Eldridge wrote:
> most isakmpd implementations use a sport=udp/500 for IKE. this patch forces that behavior instead of using an ephemeral udp port.
Hi Brett, why don't you send this same mail to nmap-dev () insecure org instead.

Thanks,
Fyodor

PS: I'm not convinced that the main Nmap distribution should do this (opens a can of worms, for example, what to do if the user specified a source port with -g). But the patch could certainly be useful for some people.

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
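Review bot: the added `if ( dport == 500 )` block in tcpip.c overwrites `udp->uh_sport` unconditionally, so whatever source port was already chosen for the packet, including one the user gave with -g as raised in the reply, is silently replaced whenever the destination port is 500. Suggest applying the override only when no source port was explicitly requested, or putting it behind an option so the default scan behaviour does not change. The condition also keys on the port number alone, so it affects every UDP packet this code builds for port 500 regardless of payload; the comment should say that, and should note that replies will now come back to port 500 rather than to the port the scanner would otherwise have picked, in case anything downstream matches responses on that port.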