Nmap Development mailing list archives

Re: [PATCH] Experimental SCTP scan support


From: Kris Katterjohn <katterjohn () gmail com>
Date: Sat, 03 Jan 2009 03:48:09 -0600

On 01/02/2009 10:37 PM, Daniel Roethlisberger wrote:
> I've hacked together experimental SCTP support for nmap.  Please
> give it a whirl and let me know how it goes.  I'm especially
> interested in tests against real-world, proprietary SCTP stacks,
> whether it also builds on systems other than FreeBSD, and
> anything else I might have missed.


Your patch compiles fine on Linux (Ubuntu 8.10).

I found an SCTP server (just listens) I wrote back in February which your
patch picks up on, but Nmap crashes when trying to print the open ports:

Initiating SCTP INIT Scan at 03:36
Scanning Meryl (127.0.0.1) [5 ports]
Packet capture filter (device lo): dst host 127.0.0.1 and (icmp or ((tcp or
udp or sctp) and (src host 127.0.0.1)))
Discovered open port 1080/sctp on 127.0.0.1
Completed SCTP INIT Scan at 03:36, 0.00s elapsed (5 total ports)
Overall sending rates: 2054.23 packets / s, 106820.05 bytes / s.
Host Meryl (127.0.0.1) appears to be up ... good.
Scanned at 2009-01-03 03:36:41 CST for 0s
Interesting ports on Meryl (127.0.0.1):
*** buffer overflow detected ***: ./nmap terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7c44558]
/lib/tls/i686/cmov/libc.so.6[0xb7c42680]
/lib/tls/i686/cmov/libc.so.6(__strcpy_chk+0x44)[0xb7c41944]
./nmap(_Z15printportoutputP6TargetP8PortList+0x639)[0x8083569]
./nmap(_Z9nmap_mainiPPc+0x2099)[0x8061ea9]
./nmap(main+0x1e4)[0x805cdc4]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7b60685]
./nmap[0x805cb11]


And there doesn't seem to be any default set of ports to scan since not
specifying anything with -p leads to "0 ports scanned", or this could possibly
be some other problem.

These are just the first things I've noticed as I'm still playing around with
it.  I hope I'm not discouraging :)

Thanks,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

