Nmap Development mailing list archives

Re: DNS bug in nmap-4.00 on PPC and SPARC


From: Tony Doan <tdoan () tdoan com>
Date: Wed, 1 Feb 2006 16:20:12 -0800

I've seen the same problem on Mac OS X on a PowerBook G4 running  
10.4.4 and verified the problem does not occur on a Pentium M running  
Linux 2.6.

I've managed part of a patch thus far, and am working on the rest. So  
far I've gotten the new DNS code to send the queries out in the  
proper order (verified by watching the traffic with tethereal).  
Unfortunately the code that parses the responses still appears to  
need work, as nmap does not register any of them when a -sL scan  
completes.

Here is the partial patch (this is really a hack, as it just reverses  
things and doesn't attempt to detect "endianness" as it should):

diff -u nmap-4.00/nmap_dns.cc nmap-4.00-td/nmap_dns.cc
--- nmap-4.00/nmap_dns.cc       2006-01-19 10:55:29.000000000 -0800
+++ nmap-4.00-td/nmap_dns.cc    2006-02-01 16:17:09.000000000 -0800
@@ -629,10 +629,10 @@
    memcpy(packet+plen, "\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00", 10);
    plen += 10;
-  plen += add_integer_to_dns_packet(packet+plen, (ip>>24) & 0xFF);
-  plen += add_integer_to_dns_packet(packet+plen, (ip>>16) & 0xFF);
-  plen += add_integer_to_dns_packet(packet+plen, (ip>>8) & 0xFF);
    plen += add_integer_to_dns_packet(packet+plen, ip & 0xFF);
+  plen += add_integer_to_dns_packet(packet+plen, (ip>>8) & 0xFF);
+  plen += add_integer_to_dns_packet(packet+plen, (ip>>16) & 0xFF);
+  plen += add_integer_to_dns_packet(packet+plen, (ip>>24) & 0xFF);
    memcpy(packet+plen, "\x07in-addr\004arpa\x00\x00\x0c\x00\x01", 18);
    plen += 18;
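Review bot: the swap is unconditional, so the reversed shift order (`ip & 0xFF` first, `(ip>>24) & 0xFF` last) will produce on x86 exactly the unreversed name that the old order produced on PPC and SPARC; the hunk trades one broken byte order for the other. Shifting only yields a fixed octet position once `ip` is in a known byte order: pass it through `ntohl()` first (or read the four octets through an `unsigned char *` in wire order) and then keep the emission order shown here, which is the correct one for a host-order value. A one-line comment stating which byte order `ip` holds at this point would also help, since the message itself notes the hunk does not detect endianness.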

Thanks,
Tony Doan
tdoan () tdoan com
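As an added illustration of the byte-order problem the patch above works around (example code written for this page, not nmap's own; the function names, add_decimal_label standing in for nmap's add_integer_to_dns_packet, and the sample address 141.213.30.72 taken from the bug report are the assumptions): a PTR QNAME builder that converts with ntohl() before shifting, so the reversed emission order is right on both big- and little-endian hosts, next to the raw-shift version that reproduces the reported behaviour.

```c
/* Added example (not nmap's code): building the in-addr.arpa QNAME of a
 * PTR query so the octet order does not depend on host endianness, next
 * to the shift-based extraction whose result does. Function names and
 * the sample address are constructed for this example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>   /* inet_pton, ntohl */

/* Append one DNS label holding the decimal form of an octet.
 * Hypothetical stand-in for nmap's add_integer_to_dns_packet(). */
static size_t add_decimal_label(unsigned char *p, unsigned octet)
{
    char buf[4];
    int n = snprintf(buf, sizeof buf, "%u", octet & 0xFF);
    p[0] = (unsigned char)n;
    memcpy(p + 1, buf, (size_t)n);
    return (size_t)n + 1;
}

/* Parse dotted-quad text into an s_addr value (network byte order). */
uint32_t parse_ipv4(const char *text)
{
    struct in_addr a;
    return inet_pton(AF_INET, text, &a) == 1 ? a.s_addr : 0;
}

/* Portable builder: convert to host order first; then the lowest byte is
 * the last octet, which the PTR name lists first. Same emission order as
 * the patch, but correct on both big- and little-endian hosts. */
size_t build_ptr_qname(uint32_t ip_netorder, unsigned char *out)
{
    uint32_t h = ntohl(ip_netorder);
    size_t plen = 0;
    plen += add_decimal_label(out + plen, h & 0xFF);
    plen += add_decimal_label(out + plen, (h >> 8) & 0xFF);
    plen += add_decimal_label(out + plen, (h >> 16) & 0xFF);
    plen += add_decimal_label(out + plen, (h >> 24) & 0xFF);
    /* octal escapes: "\x04arpa" would swallow the 'a' as a hex digit */
    memcpy(out + plen, "\007in-addr\004arpa\000", 14);
    return plen + 14;
}

/* Shift-based builder with the octet order of the original nmap-4.00
 * code, applied to the raw 32-bit value with no byte-order conversion.
 * Whether it is right depends on how the host lays s_addr out in memory. */
size_t build_ptr_qname_shifts(uint32_t ip, unsigned char *out)
{
    size_t plen = 0;
    plen += add_decimal_label(out + plen, (ip >> 24) & 0xFF);
    plen += add_decimal_label(out + plen, (ip >> 16) & 0xFF);
    plen += add_decimal_label(out + plen, (ip >> 8) & 0xFF);
    plen += add_decimal_label(out + plen, ip & 0xFF);
    memcpy(out + plen, "\007in-addr\004arpa\000", 14);
    return plen + 14;
}

/* Render a wire-format QNAME (length-prefixed labels, 0 terminator). */
void qname_to_text(const unsigned char *q, char *text, size_t textlen)
{
    size_t off = 0, pos = 0;
    while (q[off] != 0 && pos + q[off] + 1 < textlen) {
        if (pos) text[pos++] = '.';
        memcpy(text + pos, q + off + 1, q[off]);
        pos += q[off];
        off += q[off] + 1;
    }
    text[pos] = '\0';
}

/* Build with one of the two builders and compare against expected text. */
int ptr_qname_equals(uint32_t ip, int use_shifts, const char *expected)
{
    unsigned char q[64];
    char text[64];
    if (use_shifts) build_ptr_qname_shifts(ip, q);
    else            build_ptr_qname(ip, q);
    qname_to_text(q, text, sizeof text);
    return strcmp(text, expected) == 0;
}

int main(void)
{
    uint32_t ip = parse_ipv4("141.213.30.72");   /* constructed sample */
    unsigned char q[64];
    char text[64];

    build_ptr_qname(ip, q);
    qname_to_text(q, text, sizeof text);
    printf("ntohl, then shifts      : %s\n", text);

    /* nmap-4.00 shifted the raw s_addr. A little-endian host keeps the last
     * octet in the integer's top byte, so the name comes out reversed as it
     * should; a big-endian host's raw s_addr equals the host-order value
     * 0x8DD51E48, so the octets come out unreversed, as reported. */
    build_ptr_qname_shifts(ip, q);
    qname_to_text(q, text, sizeof text);
    printf("raw shifts on this host : %s\n", text);
    build_ptr_qname_shifts(0x8DD51E48u, q);   /* what a big-endian host sees */
    qname_to_text(q, text, sizeof text);
    printf("raw shifts, big-endian  : %s\n", text);
    return 0;
}
```

Compiles with a plain `cc ptr.c -o ptr`; no extra libraries. Reading the octets through an `unsigned char *` over s_addr (index 3 down to 0) is an equally portable alternative to ntohl(), since it never interprets the address as an integer at all.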

From: E. Seth Miller <esmiller_at_umich.edu>
Date: Tue, 31 Jan 2006 20:04:12 -0500 (EST)
Greetings-
         I seem to have found a bug with nmap-4.00 when running on PowerPC
and SPARC systems. The new DNS resolution looks up the reverse of the
correct IP, e.g. nmap 141.213.30.72 gives you the domain name belonging to
72.30.213.141.
         I've tested this on MacOS 10.4.4, MacOS 10.3.9, Solaris 2.8, and
Gentoo Linux PPC (system details appear below) and found this result. I
also tested it on Gentoo Linux x86 (2.4 and 2.6 kernels), where it works
fine. I'm guessing it is a problem on all big-endian systems. (If you
really want, I can dig up a NetBSD/mac68k machine to test on as well.
Yeah, I didn't think so.)
         I don't have a patch for this, and, realistically, I doubt I can
come up with one -- I can't code to save my life. Hopefully this helps
anyway, and hopefully this hasn't already been reported and I just missed
it. Let me know if I can do anything else to assist.

         -Seth Miller


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev