Re: [bug] nexthost: failed to find route to XXX (directly connected, with --randomize-hosts)

[David Fifield <david () bamsoftware com>]

On Mon, Mar 26, 2012 at 02:05:52PM -0500, Daniel Miller wrote:
> List,
>
> Ran into what I think is a bug related to hostgroups and the
> --randomize-hosts argument. Before I start speculating wildly,
> here's what's going on:
>
> My subnet is XXX.XXX.64.0/21, my IP is XXX.XXX.69.208, and I want to
> scan XXX.XXX.0.0/16. I am also using the --exclude-file option to
> exclude about 6 /24 subnets, and using the --randomize-hosts
> argument. Host discovery goes well, but during the port scan, I get
> "nexthost: failed to find route to XXX.XXX.68.0", and the scan ends
> prematurely.

That's an interesting case. During the ping scan, is it breaking the
targets into many tiny little hostgroups because the ones that are
direct are not contiguous?

> While investigating, I noticed that the target_needs_new_hostgroup
> function in targets.cc checks for "Different direct connectedness,"
> but the same function in nmap.cc does not. Is this something that
> should be put there?

Yes, probably, from a quick look. I only wonder about the tiny little
hostgroups and if we should do something about that.

> I did a small test trying to get --randomize-hosts to mix directly
> and not-directly connected addresses, but I couldn't get it to work,
> primarily because I'm on a NAT'ed /24, so I can't specify a single
> CIDR that contains both types of addresses.

I don't understand. I thought that was exactly the problem: a CIDR range
that includes both direct and non-direct targets.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/