Nmap Development mailing list archives
Re: DNS bug in nmap-4.00 on PPC and SPARC
From: Andrew Lutomirski <luto () myrealbox com>
Date: Wed, 1 Feb 2006 16:34:59 -0800
The old code looks doubly-broken -- it wrote the octets high-to-low (should have been low-to-high), but it also forgot to ntohl the IP address, so it was reversed again on little-endian machines and thus worked by accident.

This patch compiles, but I haven't tested it at all (and I don't have a big-endian machine, so I couldn't do a good job of it anyway).

--Andy

On 1/31/06, E. Seth Miller <esmiller () umich edu> wrote:
Greetings-

I seem to have found a bug with nmap-4.00 when running on PowerPC and SPARC systems. The new DNS resolution looks up the reverse of the correct IP, e.g. nmap 141.213.30.72 gives you the domain name belonging to 72.30.213.141. I've tested this on MacOS 10.4.4, MacOS 10.3.9, Solaris 2.8, and Gentoo Linux PPC (system details appear below) and found this result. I also tested it on Gentoo Linux x86 (2.4 and 2.6 kernels), where it works fine. I'm guessing it is a problem on all big-endian systems. (If you really want, I can dig up a NetBSD/mac68k machine to test on as well. Yeah, I didn't think so.)

I don't have a patch for this, and, realistically, I doubt I can come up with one -- I can't code to save my life. Hopefully this helps anyway, and hopefully this hasn't already been reported and I just missed it. Let me know if I can do anything else to assist.

-Seth Miller

Sample run (note that the correct DNS for this IP is beast.dmc.dc.umich.edu):

[dc-at-3dmac:~] root# /usr/local/bin/nmap -sS 141.213.30.72

Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-01-31 18:57 EST
Interesting ports on dc501007.inktomisearch.com (141.213.30.72):
(The 1671 ports scanned but not shown below are in state: closed)
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:04:AC:CB:61:02 (IBM)

Nmap finished: 1 IP address (1 host up) scanned in 0.964 seconds
[dc-at-3dmac:~] root#

Machine details:

weird-al:willy willy$ gcc --version
powerpc-apple-darwin8-gcc-4.0.0 (GCC) 4.0.0 (Apple Computer, Inc. build 5026)
weird-al:willy willy$ uname -a
Darwin weird-al.local 8.3.0 Darwin Kernel Version 8.3.0: Mon Oct 3 20:04:04 PDT 2005; root:xnu-792.6.22.obj~2/RELEASE_PPC Power Macintosh powerpc
[12" PowerBook 1GHz running MacOS 10.4.4]

[dc-at-3dmac:~] root# gcc --version
powerpc-apple-darwin8-gcc-4.0.1 (GCC) 4.0.1 (Apple Computer, Inc. build 5250)
[dc-at-3dmac:~] root# uname -a
Darwin dc-at-3dmac.dmc.dc.umich.edu 8.4.0 Darwin Kernel Version 8.4.0: Tue Jan 3 18:22:10 PST 2006; root:xnu-792.6.56.obj~1/RELEASE_PPC Power Macintosh powerpc
[PowerMac G4 (Quicksilver 2002 DP) running MacOS 10.4.4]

[TiFighter:~] esmiller% gcc --version
gcc (GCC) 3.3 20030304 (Apple Computer, Inc. build 1671)
[TiFighter:~] esmiller% uname -a
Darwin dhcp4.public.dc.umich.edu 7.9.0 Darwin Kernel Version 7.9.0: Wed Mar 30 20:11:17 PST 2005; root:xnu/xnu-517.12.7.obj~1/RELEASE_PPC Power Macintosh powerpc
[15" Titanium PowerBook 1GHz running MacOS 10.3.9]

[aerfs:~] esmiller% gcc --version
gcc (GCC) 3.3 20030304 (Apple Computer, Inc. build 1671)
[aerfs:~] esmiller% uname -a
Darwin aerfs.dmc.dc.umich.edu 7.9.0 Darwin Kernel Version 7.9.0: Wed Mar 30 20:11:17 PST 2005; root:xnu/xnu-517.12.7.obj~1/RELEASE_PPC Power Macintosh powerpc
[PowerMac G4 (Gigabit Ethernet DP) running MacOS 10.3.9]

willy@ltg-pmac2 ~/nmap-4.00 $ gcc --version
gcc (GCC) 3.4.4 (Gentoo 3.4.4-r1, ssp-3.4.4-1.0, pie-8.7.8)
willy@ltg-pmac2 ~/nmap-4.00 $ uname -a
Linux ltg-pmac2.dmc.dc.umich.edu 2.4.26-ppc #6 Mon Jun 7 08:59:48 EDT 2004 ppc 740/750 PowerMac1,1 GNU/Linux
[PowerMac G3 (B&W) running Gentoo Linux]

hap% gcc --version
3.0.3
hap% uname -a
SunOS hap.lsa.umich.edu 5.8 Generic_117000-03 sun4u sparc SUNW,Sun-Fire-280R
[SunFire 280R running Solaris 2.8]

esmiller@angevin ~ $ gcc --version
gcc (GCC) 3.3.6 (Gentoo 3.3.6, ssp-3.3.6-1.0, pie-8.7.8)
esmiller@angevin ~ $ uname -a
Linux angevin 2.6.12-gentoo-r9 #1 SMP Mon Aug 22 07:24:08 EDT 2005 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux
[Dell Precision 420 running Gentoo Linux]
[works correctly on this box -- included for completeness.]

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Attachment: nmap_dns_endian_fix.txt
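The two mistakes Andy describes cancel each other out on little-endian hosts, which is why the bug only shows up on PPC and SPARC. The following is an added illustration, not nmap's code and not the attached patch: it builds the in-addr.arpa name from a network-order s_addr the portable way (ntohl, then low octet first), reconstructs the broken pattern (raw word, octets written high-to-low), and simulates how that word is read on either endianness so the big-endian failure can be reproduced in a test on an x86 box. The function names and the sample address 141.213.30.72 from Seth's report are assumptions of this example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

/* Portable builder: the address arrives in network byte order (as stored in
 * struct in_addr.s_addr). Convert to host order first, then emit the lowest
 * octet first, which is the last octet on the wire. */
int reverse_name_fixed(uint32_t s_addr, char *out, size_t outlen)
{
    uint32_t ip = ntohl(s_addr);   /* 141.213.30.72 -> 0x8DD51E48 on any host */
    return snprintf(out, outlen, "%u.%u.%u.%u.in-addr.arpa",
                    ip & 0xff, (ip >> 8) & 0xff, (ip >> 16) & 0xff, (ip >> 24) & 0xff);
}

/* Reconstruction of the broken pattern described in the thread: the 32-bit
 * word is used as stored (no ntohl) and the octets are written high-to-low.
 * `word` is whatever the CPU reads when it loads the four address bytes, so
 * the output depends on host endianness. */
int reverse_name_buggy(uint32_t word, char *out, size_t outlen)
{
    return snprintf(out, outlen, "%u.%u.%u.%u.in-addr.arpa",
                    (word >> 24) & 0xff, (word >> 16) & 0xff,
                    (word >> 8) & 0xff, word & 0xff);
}

/* Simulate loading the wire-order bytes a.b.c.d as one 32-bit integer on a
 * big-endian or little-endian CPU, so both code paths can be tested on one host. */
uint32_t word_as_loaded(uint8_t a, uint8_t b, uint8_t c, uint8_t d, int big_endian)
{
    if (big_endian)
        return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
    return ((uint32_t)d << 24) | ((uint32_t)c << 16) | ((uint32_t)b << 8) | a;
}

/* 1 if the fixed builder maps `dotted` to `expected`. */
int fixed_matches(const char *dotted, const char *expected)
{
    char buf[64];
    reverse_name_fixed(inet_addr(dotted), buf, sizeof buf);
    return strcmp(buf, expected) == 0;
}

/* 1 if the buggy builder, run on a host of the given endianness, maps
 * `dotted` to `expected`. memcpy yields the bytes in wire order on any host. */
int buggy_matches(const char *dotted, int big_endian, const char *expected)
{
    uint8_t o[4];
    char buf[64];
    uint32_t s_addr = inet_addr(dotted);
    memcpy(o, &s_addr, 4);
    reverse_name_buggy(word_as_loaded(o[0], o[1], o[2], o[3], big_endian), buf, sizeof buf);
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    char buf[64];
    reverse_name_fixed(inet_addr("141.213.30.72"), buf, sizeof buf);
    printf("fixed:      %s\n", buf);
    reverse_name_buggy(word_as_loaded(141, 213, 30, 72, 0), buf, sizeof buf);
    printf("buggy (LE): %s\n", buf);   /* correct by accident */
    reverse_name_buggy(word_as_loaded(141, 213, 30, 72, 1), buf, sizeof buf);
    printf("buggy (BE): %s\n", buf);   /* reversed, as Seth observed */
    return 0;
}
```

The simulation is the part worth keeping around: a regression test that feeds both byte orders through the name builder catches this class of bug without access to a big-endian machine, which is exactly what Andy says he lacked when writing the patch.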
Current thread:
- DNS bug in nmap-4.00 on PPC and SPARC E. Seth Miller (Feb 01)
- Re: DNS bug in nmap-4.00 on PPC and SPARC Andrew Lutomirski (Feb 01)
- Re: DNS bug in nmap-4.00 on PPC and SPARC E. Seth Miller (Feb 02)
- Re: DNS bug in nmap-4.00 on PPC and SPARC Andy Lutomirski (Feb 02)
- Re: DNS bug in nmap-4.00 on PPC and SPARC E. Seth Miller (Feb 02)
- <Possible follow-ups>
- Re: DNS bug in nmap-4.00 on PPC and SPARC Tony Doan (Feb 01)
- Re: DNS bug in nmap-4.00 on PPC and SPARC Andrew Lutomirski (Feb 01)