Nmap Development mailing list archives
Re: [PATCH] Experimental SCTP scan support
From: pUm <hijacka () googlemail com>
Date: Sat, 3 Jan 2009 12:31:20 +0100
Daniel, thx. Exactly what I was looking for in December last year :-D Great.

Actually I am scanning a customer's IP range (who has enabled SCTP) with the latest svn updates and your patch applied.

Last Changed Author: david
Last Changed Rev: 11605
Last Changed Date: 2009-01-03 08:06:13 +0100 (Sat, 03 Jan 2009)

Doing a protocol scan, nmap fails when connecting to protocol port 132 ...

/nmap# nmap --debug -sO -p 132 127.0.0.1

Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-03 12:27 CET
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
mass_rdns: Using DNS server 127.0.0.1
Initiating IPProto Scan at 12:27
Scanning localhost (127.0.0.1) [1 port]
Packet capture filter (device lo): dst host 127.0.0.1 and (icmp or (src host 127.0.0.1))
nmap: scan_engine.cc:826: void UltraProbe::setIP(u8*, u32, const probespec*): Assertion `iplen >= (unsigned) ipv4->ip_hl * 4 + 12' failed.
Aborted

Other protocols just work fine:

/nmap# nmap -sO -p 1 127.0.0.1

Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-03 12:29 CET
Interesting protocols on localhost (127.0.0.1):
PROTOCOL STATE SERVICE
1        open  icmp

thanks
sven

2009/1/3 Daniel Roethlisberger <daniel () roe ch>:
I've hacked together experimental SCTP support for nmap. Please give it a whirl and let me know how it goes. I'm especially interested in tests against real-world, proprietary SCTP stacks, whether it also builds on systems other than FreeBSD, and anything else I might have missed.

http://daniel.roe.ch/code/nmap/nmap+sctp-20090103-r11604-initscan.diff

SCTP is a layer 4+ protocol like TCP or UDP and also has 16 bit port numbers. One reason why SCTP might be of interest is its use by telco stuff migrated to the IP world, such as SS7/SIGTRAN.

What works / has been done:

- SCTP INIT scans (stealth scans, much like SYN scans in the TCP world) seem to work. An SCTP packet is sent with an INIT chunk; the response is an INIT_ACK chunk if the port is open or an ABORT chunk if closed.
- Patched libdnet-stripped with rather minimal SCTP support.
- Added a list of 36 well-known SCTP ports to nmap-services.

Not done yet:

- SCTP based ping probes.
- SCTP support for IP proto scan.
- Use itag/itsn to store scan state.
- Support the deprecated Adler32 checksum as an option.
- More advanced scan types using different chunk combinations.

Note that SCTP scans usually do not work through network address translators. This is because today's NAT boxes typically do not know how to translate SCTP packets.

--
Daniel Roethlisberger
http://daniel.roe.ch/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
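The INIT scan exchange Daniel describes (INIT out; INIT_ACK back means open, ABORT back means closed, nothing back after retries means filtered, which is what a NAT box that cannot translate SCTP produces), as an added example that is not part of the original thread and not code from the nmap patch. It builds the probe packet with its CRC32c checksum, shows the deprecated Adler-32 checksum he lists as a to-do as an option, and matches a reply to its probe by the verification tag, which is the itag state the to-do list mentions. Port 2905 (M3UA, a SIGTRAN port), the source port, the Initiate Tag value and the constructed replies are assumptions for the demo; packing the Adler-32 value in network byte order is also an assumption. Sending the probe for real would need a raw socket for IP protocol 132, which is left out so the block runs offline.

```python
"""Added example (not nmap's code): SCTP INIT probe and reply classification."""
import struct
import zlib

# Chunk types from RFC 4960 section 3.2.
CHUNK_INIT = 1
CHUNK_INIT_ACK = 2
CHUNK_ABORT = 6
SCTP_HDR_LEN = 12  # src port, dst port, verification tag, checksum


def _crc32c_table():
    poly = 0x82F63B78  # reflected Castagnoli polynomial
    table = []
    for i in range(256):
        crc = i
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
        table.append(crc)
    return table


_CRC32C_TABLE = _crc32c_table()


def crc32c(data: bytes) -> int:
    """CRC32c as SCTP uses it (RFC 4960 Appendix B)."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC32C_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def checksum_field(pkt_zeroed: bytes, adler32: bool = False) -> bytes:
    """4 checksum bytes for a packet whose checksum field is already zero.

    CRC32c goes least-significant byte first (RFC 4960 Appendix B). Adler-32
    is the deprecated RFC 2960 checksum; network byte order is an assumption.
    """
    if adler32:
        return struct.pack("!I", zlib.adler32(pkt_zeroed) & 0xFFFFFFFF)
    return struct.pack("<I", crc32c(pkt_zeroed))


def _finish(pkt: bytes, adler32: bool = False) -> bytes:
    return pkt[:8] + checksum_field(pkt, adler32) + pkt[12:]


def build_init(src_port, dst_port, init_tag, init_tsn, adler32=False) -> bytes:
    """One INIT chunk, no optional parameters. Header vtag must be 0 for INIT;
    the target echoes our Initiate Tag as its vtag, which ties a reply to the probe."""
    chunk = struct.pack("!BBHIIHHI",
                        CHUNK_INIT, 0, 20,  # type, flags, length of fixed part
                        init_tag, 65535,    # Initiate Tag, a_rwnd
                        10, 65535,          # outbound / inbound streams
                        init_tsn)           # Initial TSN
    hdr = struct.pack("!HHII", src_port, dst_port, 0, 0)
    return _finish(hdr + chunk, adler32)


def build_reply(chunk_type, src_port, dst_port, vtag, body=b"") -> bytes:
    """Constructed peer reply (INIT ACK or ABORT) for offline testing."""
    chunk = struct.pack("!BBH", chunk_type, 0, 4 + len(body)) + body
    chunk += b"\x00" * (-len(chunk) % 4)  # chunks are padded to 4 bytes
    return _finish(struct.pack("!HHII", src_port, dst_port, vtag, 0) + chunk)


def classify_reply(reply, src_port, dst_port, init_tag) -> str:
    """Map a reply to a scan state; None means nothing came back."""
    if reply is None:
        return "filtered"  # no answer after retries, e.g. dropped by a NAT box
    if len(reply) < SCTP_HDR_LEN + 4:
        return "malformed"
    sport, dport, vtag, _ = struct.unpack("!HHII", reply[:SCTP_HDR_LEN])
    zeroed = reply[:8] + b"\x00" * 4 + reply[12:]
    if reply[8:12] != checksum_field(zeroed):
        return "bad-checksum"
    # Must come from the probed port to our port and carry our Initiate Tag
    # as verification tag (RFC 4960 5.1 for INIT ACK, 8.4 rule 3 for ABORT).
    if (sport, dport, vtag) != (dst_port, src_port, init_tag):
        return "unrelated"
    ctype = reply[SCTP_HDR_LEN]
    if ctype == CHUNK_INIT_ACK:
        return "open"
    if ctype == CHUNK_ABORT:
        return "closed"
    return "unknown"


def demo() -> dict:
    """Probe port 2905 (M3UA) and classify four constructed outcomes."""
    sport, dport, tag = 40000, 2905, 0xDEADBEEF
    probe = build_init(sport, dport, init_tag=tag, init_tsn=1)
    init_ack_body = struct.pack("!IIHHI", 0x11223344, 65535, 10, 10, 1)
    cases = {
        "open": build_reply(CHUNK_INIT_ACK, dport, sport, tag, init_ack_body),
        "closed": build_reply(CHUNK_ABORT, dport, sport, tag),
        "filtered": None,
        "unrelated": build_reply(CHUNK_ABORT, dport, sport, 0x1),  # wrong vtag
    }
    result = {k: classify_reply(v, sport, dport, tag) for k, v in cases.items()}
    result["probe_len"] = len(probe)
    return result


if __name__ == "__main__":
    print(demo())
```

The verification-tag check is the part that matters for a scanner: an ABORT whose vtag is not the Initiate Tag we sent is not an answer to our probe, so treating every ABORT from the target port as "closed" would let stray or injected packets corrupt the result.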
Current thread:
- Re: [PATCH] Experimental SCTP scan support, (continued)
- Re: [PATCH] Experimental SCTP scan support Kris Katterjohn (Jan 02)
- Re: [PATCH] Experimental SCTP scan support Kris Katterjohn (Jan 03)
- Re: [PATCH] Experimental SCTP scan support doug (Jan 03)
- Re: [PATCH] Experimental SCTP scan support Daniel Roethlisberger (Jan 03)
- Re: [PATCH] Experimental SCTP scan support Fyodor (Jan 04)
- Re: [PATCH] Experimental SCTP scan support doug (Jan 04)
- _FORTIFY_SOURCE=2 David Fifield (Jan 22)
- Re: _FORTIFY_SOURCE=2 David Fifield (Feb 14)
- Re: [PATCH] Experimental SCTP scan support doug (Jan 03)
- Re: [PATCH] Experimental SCTP scan support Daniel Roethlisberger (Jan 03)
- Re: [PATCH] Experimental SCTP scan support Kris Katterjohn (Jan 03)
- Re: [PATCH] Experimental SCTP scan support Daniel Roethlisberger (Jan 03)
- Re: [PATCH] Experimental SCTP scan support Daniel Roethlisberger (Jan 03)
- Re: [PATCH] Experimental SCTP scan support Daniel Roethlisberger (Jan 03)
- Re: [PATCH] Experimental SCTP scan support pUm (Jan 04)
- Re: [PATCH] Experimental SCTP scan support Daniel Roethlisberger (Jan 04)
- Re: [PATCH] Experimental SCTP scan support pUm (Jan 04)