Nmap Development mailing list archives
Re: [PATCH] Prevent execution of unintended Nmap scans when invalid targets are specified.
From: David Fifield <david () bamsoftware com>
Date: Tue, 12 May 2009 11:02:57 -0600
On Thu, May 07, 2009 at 01:31:25AM +0100, jah wrote:
> Hi folks,
>
> The command:
>     nmap #192.168.1.1
> will result in a scan against 0.168.1.1.
>
> A command such as
>     nmap 192.168.1.0/
> or
>     nmap 192.168.1.0/ab
> will be interpreted as having a netmask of zero causing nmap to scan the IPv4 internet (which is fun!).
Nice job. I found some other weird syntax that Nmap supports while I was working on Ncat --allow and --deny.

http://seclists.org/nmap-dev/2009/q1/0451.html

Thanks, from your report I found that Ncat also took "1.2.3.4/" to mean "1.2.3.4/0". That is fixed now.

I like the patch but I would like the netmask checking done with strtol rather than manually checking that every byte is a digit. strtol also checks for things like overflow. There's a function, parse_long, in ncat/utils.c that I use to parse integers that shouldn't be allowed to have a sign or any other accoutrements. ncat/ncat_hostmatch.c has examples of error checking.

Please feel free to check in your indentation fixes separately from the functional change.

David Fifield
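
An added example, not part of David Fifield's message and not Nmap or Ncat code: one way to do the strtol-based netmask check the reply asks for, so that the "192.168.1.0/" and "192.168.1.0/ab" forms from the report are rejected instead of being read as /0. The function names are hypothetical, and the address part of the target is not validated here.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Nmap's or Ncat's code): parse the text after '/'
 * as a prefix length in [0, max_bits]. Returns 0 on success, -1 on error. */
static int parse_prefix_len(const char *s, int max_bits, int *bits)
{
    char *end;
    long v;

    /* strtol skips leading whitespace, accepts '+'/'-', and returns 0 for an
     * empty string, so insist that the first byte is a digit. */
    if (!isdigit((unsigned char) s[0]))
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)        /* overflow, e.g. "99999999999999999999" */
        return -1;
    if (*end != '\0')           /* trailing garbage, e.g. "24ab" */
        return -1;
    if (v < 0 || v > max_bits)  /* e.g. "/33" on an IPv4 target */
        return -1;
    *bits = (int) v;
    return 0;
}

/* Hypothetical helper: extract the prefix length from an IPv4 target spec.
 * A spec without '/' is treated as a single host (/32). */
static int ipv4_target_prefix(const char *spec, int *bits)
{
    const char *slash = strchr(spec, '/');

    if (slash == NULL) {
        *bits = 32;
        return 0;
    }
    return parse_prefix_len(slash + 1, 32, bits);
}
```

An explicit "/0" still parses, so scanning everything remains possible but only when it is actually typed.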