Nmap Development mailing list archives

Re: --win_help


From: Fyodor <fyodor () insecure org>
Date: Wed, 28 Dec 2005 16:38:24 -0800

On Mon, Dec 19, 2005 at 12:12:08PM -0800, Fyodor wrote:
> > 192.168.120.254 is an "AVM FRITZ!web PPP over ISDN"; that makes the trouble.
> > It's enabled per default and unplugged.
>
> That certainly casts into question the interface info, which is
> obtained from libdnet.  If the interface is known by the system to be
> unplugged, I don't think it should be counted as UP.  We get that
> from libdnet (in tcpip.cc) like so:
>
> dcrn->ifaces[numifaces].device_up = (entry->intf_flags & INTF_FLAG_UP)? true : false;
>
> Dnet decides if a device is up in intf-win32.c:
>
> if (ifrow->dwAdminStatus == MIB_IF_ADMIN_STATUS_UP)
>   entry->intf_flags |= INTF_FLAG_UP;
>
> It looks like Microsoft also has a dwOperStatus with values such as
> 'MIB_IF_OPER_STATUS_DISCONNECTED' if the interface is unplugged.  See:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/mib/mib/mib_ifrow.asp
>
> It sounds to me like we should change libdnet to check that as well,
> and consider the interface down if it is disconnected.

I haven't heard any feedback on this, so I'm making this change to
libdnet-stripped/src/intf-win32.c for the next version of Nmap:

--- intf-win32.c        (revision 2976)
+++ intf-win32.c        (working copy)
@@ -116,7 +116,9 @@
 
        /* Get interface flags. */
        entry->intf_flags = 0;
-       if (ifrow->dwAdminStatus == MIB_IF_ADMIN_STATUS_UP)
+       if (ifrow->dwAdminStatus == MIB_IF_ADMIN_STATUS_UP && 
+           (ifrow->dwOperStatus == MIB_IF_OPER_STATUS_OPERATIONAL || 
+            ifrow->dwOperStatus == MIB_IF_OPER_STATUS_CONNECTED))
                entry->intf_flags |= INTF_FLAG_UP;
        if (ifrow->dwType == MIB_IF_TYPE_LOOPBACK)
                entry->intf_flags |= INTF_FLAG_LOOPBACK;
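Review bot: the two added `+` lines carry trailing whitespace after `&&` and `||`; strip it before committing. The new condition also has no comment saying why dwOperStatus is now consulted in addition to dwAdminStatus; a one-liner above the `if`, such as `/* Admin-up alone is not enough: an unplugged link reports MIB_IF_OPER_STATUS_DISCONNECTED */`, would keep the reason next to the code. Note that every oper status other than MIB_IF_OPER_STATUS_OPERATIONAL and MIB_IF_OPER_STATUS_CONNECTED is now treated as down, including MIB_IF_OPER_STATUS_CONNECTING, so a dial-on-demand link caught mid-connect during enumeration will be skipped; that is the intended effect for the unplugged ISDN case, but it is worth stating in the commit message.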

I haven't tested it on Windows yet, but will try to remember to do so
before I release.  If anyone sees a problem with this patch, let me
know.

Cheers,
Fyodor



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
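The classifier the thread converges on (admin status alone versus admin status plus oper status), as an added example that is not libdnet's or Nmap's code. On Windows it walks the live MIB-II interface table with GetIfTable() from iphlpapi and prints both verdicts for each row; on any other host it compiles against the same constant values mirrored from the Windows SDK header iprtrmib.h (an assumption, labelled in the code) and runs the two rules over a constructed set of rows that includes an admin-up, unplugged PPP-over-ISDN device like the one reported. The names iface_up_admin_only, iface_up_admin_and_oper, count_up and IFACE_FLAG_UP are mine, not libdnet's.

```c
/* Added example (not libdnet/Nmap code): compare the old "admin-up is
 * enough" rule with the patched "admin-up AND link usable" rule. */
#include <stdio.h>
#include <stdlib.h>

#ifdef _WIN32
#include <winsock2.h>
#include <iphlpapi.h>          /* GetIfTable, MIB_IFROW; link with iphlpapi.lib */
#else
/* Assumption: values mirrored from the Windows SDK header iprtrmib.h,
 * so the classifier can be built and exercised on non-Windows hosts. */
#define MIB_IF_ADMIN_STATUS_UP              1
#define MIB_IF_ADMIN_STATUS_DOWN            2
#define MIB_IF_OPER_STATUS_NON_OPERATIONAL  0
#define MIB_IF_OPER_STATUS_UNREACHABLE      1
#define MIB_IF_OPER_STATUS_DISCONNECTED     2
#define MIB_IF_OPER_STATUS_CONNECTING       3
#define MIB_IF_OPER_STATUS_CONNECTED        4
#define MIB_IF_OPER_STATUS_OPERATIONAL      5
#endif

/* Old libdnet rule: administratively up is all that is checked. */
int iface_up_admin_only(unsigned long admin, unsigned long oper)
{
    (void)oper;
    return admin == MIB_IF_ADMIN_STATUS_UP;
}

/* Patched rule: admin-up AND the link is actually operational/connected.
 * DISCONNECTED, CONNECTING, UNREACHABLE and NON_OPERATIONAL all count as down. */
int iface_up_admin_and_oper(unsigned long admin, unsigned long oper)
{
    return admin == MIB_IF_ADMIN_STATUS_UP &&
           (oper == MIB_IF_OPER_STATUS_OPERATIONAL ||
            oper == MIB_IF_OPER_STATUS_CONNECTED);
}

/* The two MIB_IFROW fields the decision depends on, plus a label. */
struct iface_status {
    const char   *name;
    unsigned long admin;
    unsigned long oper;
};

/* Count rows that would receive the UP flag under the chosen rule. */
int count_up(const struct iface_status *rows, int n, int use_oper)
{
    int count = 0;
    for (int i = 0; i < n; i++)
        count += use_oper ? iface_up_admin_and_oper(rows[i].admin, rows[i].oper)
                          : iface_up_admin_only(rows[i].admin, rows[i].oper);
    return count;
}

/* Constructed sample rows (not real captured data). Row 2 models the
 * reported device: enabled by default, nothing plugged in. */
static const struct iface_status sample_rows[] = {
    { "Ethernet (cable in)",       MIB_IF_ADMIN_STATUS_UP,   MIB_IF_OPER_STATUS_OPERATIONAL  },
    { "PPP over ISDN (unplugged)", MIB_IF_ADMIN_STATUS_UP,   MIB_IF_OPER_STATUS_DISCONNECTED },
    { "Dial-up (dialing)",         MIB_IF_ADMIN_STATUS_UP,   MIB_IF_OPER_STATUS_CONNECTING   },
    { "Wi-Fi (associated)",        MIB_IF_ADMIN_STATUS_UP,   MIB_IF_OPER_STATUS_CONNECTED    },
    { "Disabled adapter",          MIB_IF_ADMIN_STATUS_DOWN, MIB_IF_OPER_STATUS_OPERATIONAL  },
};
#define SAMPLE_ROWS ((int)(sizeof sample_rows / sizeof sample_rows[0]))

int sample_up_admin_only(void)     { return count_up(sample_rows, SAMPLE_ROWS, 0); }
int sample_up_admin_and_oper(void) { return count_up(sample_rows, SAMPLE_ROWS, 1); }

#ifdef _WIN32
/* Walk the live interface table and show how each rule judges every row. */
static void dump_live_table(void)
{
    ULONG size = 0;
    if (GetIfTable(NULL, &size, FALSE) != ERROR_INSUFFICIENT_BUFFER) return;
    MIB_IFTABLE *tbl = malloc(size);
    if (tbl == NULL || GetIfTable(tbl, &size, FALSE) != NO_ERROR) { free(tbl); return; }
    for (DWORD i = 0; i < tbl->dwNumEntries; i++) {
        const MIB_IFROW *r = &tbl->table[i];
        printf("ifIndex %lu admin=%lu oper=%lu  old:%s new:%s\n",
               r->dwIndex, r->dwAdminStatus, r->dwOperStatus,
               iface_up_admin_only(r->dwAdminStatus, r->dwOperStatus) ? "UP" : "down",
               iface_up_admin_and_oper(r->dwAdminStatus, r->dwOperStatus) ? "UP" : "down");
    }
    free(tbl);
}
#endif

int main(void)
{
    for (int i = 0; i < SAMPLE_ROWS; i++)
        printf("%-26s old:%-4s new:%s\n", sample_rows[i].name,
               iface_up_admin_only(sample_rows[i].admin, sample_rows[i].oper) ? "UP" : "down",
               iface_up_admin_and_oper(sample_rows[i].admin, sample_rows[i].oper) ? "UP" : "down");
#ifdef _WIN32
    dump_live_table();
#endif
    return 0;
}
```

On the constructed rows the old rule flags four interfaces UP (everything that is administratively enabled, unplugged ISDN included); the patched rule flags two (the operational Ethernet and the connected Wi-Fi). On Windows, build with iphlpapi linked (for example `cl example.c iphlpapi.lib ws2_32.lib`) to see the same two verdicts side by side for the real table.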

