Nmap Development mailing list archives
Re: nping echo protocol security
From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Wed, 27 Jul 2011 10:51:40 +0200
On 07/25/2011 08:07 PM, Toni Ruottu wrote:
> Luis,
>
> What are the security implications for a box that is running a public nping server? Does it follow that anyone can capture all traffic sent to that box? Regardless of the answer, I think the protocol specification should have a chapter on this.
>
> --Toni
Hi Toni,

As you know, Echo servers can handle multiple simultaneous clients running multiple echo sessions in parallel. The problem is that when many clients are connected to the server, as it captures all the traffic that reaches its network interface, it must be able to determine which captured packets belong to which clients. To do this, the server implements a packet matching engine. When a packet is captured, the server analyzes it, and picks the client that is likely to have produced the packet.

I have implemented many security measures to prevent a packet from being echoed to the wrong client. However, I cannot guarantee that the server gets it right 100% of the time. So the security implications of running a public nping echo server are that some malicious client might find a way to receive echoed packets that were not generated by him. I find this very unlikely, but there is always a risk.

However, Nping now implements the --safe-payloads option, which zeroes the content of any application layer data before echoing a packet. This should minimize the risks. When such option gets more testing, we'll probably enable it by default.

About the protocol specification, yes, it could be more complete. I'll add a TODO item for it.

Regards,

Luis MartinGarcia.
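The payload zeroing described for --safe-payloads, sketched as an added example; it is not Nping's code and not part of the original message. The function name `zero_app_payload`, the IPv4-only scope, and the handling of fragments and unknown protocols are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not Nping source code. Zeroes the application-layer bytes
 * of a captured raw IPv4 packet in place before it is echoed.
 * Returns the number of bytes zeroed, or -1 for a malformed or truncated
 * packet (assumption: the caller drops those rather than echoing them).
 * Transport checksums are not recomputed. */
long zero_app_payload(uint8_t *pkt, size_t caplen)
{
    if (caplen < 20 || (pkt[0] >> 4) != 4)
        return -1;                                 /* too short or not IPv4 */
    size_t ihl   = (size_t)(pkt[0] & 0x0F) * 4;    /* IP header length */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3]; /* IP total length */
    if (ihl < 20 || total < ihl || total > caplen)
        return -1;

    size_t frag_off = ((size_t)(pkt[6] & 0x1F) << 8) | pkt[7];
    size_t hdr = 0;                                /* transport header to keep */
    if (frag_off == 0) {
        switch (pkt[9]) {                          /* IP protocol number */
        case 6:                                    /* TCP */
            if (total - ihl < 20)
                return -1;
            hdr = (size_t)(pkt[ihl + 12] >> 4) * 4; /* data offset field */
            if (hdr < 20)
                return -1;
            break;
        case 17:                                   /* UDP */
            hdr = 8;
            break;
        default:                                   /* assumption: unknown protocol, */
            break;                                 /* keep only the IP header */
        }
    }
    /* Non-first fragments carry no transport header, so hdr stays 0. */
    if (total - ihl < hdr)
        return -1;

    size_t off = ihl + hdr;
    memset(pkt + off, 0, total - off);             /* blank the payload */
    memset(pkt + total, 0, caplen - total);        /* and trailing capture bytes */
    return (long)(total - off);
}
```

With the payload blanked, a packet matched to the wrong client exposes only header fields, which is the residual risk the message describes.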