Nmap Development mailing list archives

Wild TTL value


From: Gisle Vanem <gvanem () broadpark no>
Date: Wed, 01 May 2013 16:46:52 +0200

There seems to be a problem with how libnetutil/netutil.cc is setting the IP-TTL value on sockets; from nmap on Win32 linked with a WinSock tracing lib:

   * libnetutil/netutil.cc(871) (set_ttl+34):   setsockopt (1780, IPPROTO_IP,
                   IP_TTL, ULONG_MAX, 4) --> WSAEINVAL: Invalid arguments (10022).

I mean, why set TTL to such a high value? The IP-TTL field is only
8 bits. No wonder Winsock complains. I know about the "nmap --ttl"
option but IMHO the default should be bounded to 255 max like this:

--- SVN-Latest\libnetutil\netutil.cc    Thu Apr 25 10:06:07 2013
+++ libnetutil\netutil.cc       Wed May 01 16:41:30 2013
@@ -868,6 +868,7 @@
  if (sd == -1)
    return;

+  ttl = max (min(ttl, 255), 255);
  setsockopt(sd, IPPROTO_IP, IP_TTL, (const char *) &ttl, sizeof ttl);
#endif
}
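Review bot: the added line `ttl = max (min(ttl, 255), 255);` does not bound the value, it replaces it: `min(ttl, 255)` can never exceed 255, and `max(..., 255)` then lifts every result, a valid 64 and the caller's -1 alike, up to exactly 255. The bound the message describes is `min(ttl, 255)` on its own, and the negative sentinel the message mentions needs a separate check before the `setsockopt` call, e.g. `if (ttl < 0) return;`, which is also the form that matches the "fix the caller" alternative. The hunk also doesn't show where unqualified `max`/`min` come from in this C++ file (a `std::` function, `<algorithm>`, or a platform macro), so the patch should state which is intended.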

---------

Or better, the caller of set_ttl() should fix it. It is obviously passing a ttl of '-1'.

--gv
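Added example, not Gisle's code and not nmap's: a bounded `set_ttl()` replacement in C, assuming a POSIX/Linux socket API, with the patch's own expression alongside it for comparison. The names `patch_clamp`, `bounded_ttl`, `set_ttl_checked` and `readback_ttl` are hypothetical.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define TTL_MAX 255   /* the IPv4 TTL field is 8 bits wide */

/* The expression from the patch above: max(x, 255) is never below 255, so it
 * yields 255 for every input, the caller's -1 and a sane 64 alike. */
int patch_clamp(int ttl)
{
    int lo = ttl < TTL_MAX ? ttl : TTL_MAX;   /* min(ttl, 255) */
    return lo > TTL_MAX ? lo : TTL_MAX;       /* max(lo, 255) */
}

/* What the post asks for: bound the value to 255 and treat a TTL below 1
 * (the caller's '-1') as "leave the stack default alone": returns -1 to skip. */
int bounded_ttl(int ttl)
{
    if (ttl < 1) return -1;
    return ttl > TTL_MAX ? TTL_MAX : ttl;
}

/* Hypothetical replacement for set_ttl(): 0 = option set, 1 = skipped,
 * -1 = setsockopt() failed. An out-of-range value never reaches the stack. */
int set_ttl_checked(int sd, int ttl)
{
    int v = bounded_ttl(ttl);
    if (sd == -1 || v < 0) return 1;
    return setsockopt(sd, IPPROTO_IP, IP_TTL, (const char *)&v, sizeof v) == 0 ? 0 : -1;
}

/* Apply a TTL on a throwaway UDP socket and read back what the stack stored;
 * returns that value, or -1 if the socket, set or get call failed. */
int readback_ttl(int ttl)
{
    int sd = socket(AF_INET, SOCK_DGRAM, 0), got = -1;
    socklen_t len = sizeof got;
    if (sd == -1) return -1;
    if (set_ttl_checked(sd, ttl) == 0 && getsockopt(sd, IPPROTO_IP, IP_TTL, &got, &len) != 0)
        got = -1;
    close(sd);
    return got;
}

int main(void)
{
    printf("%d %d %d\n", patch_clamp(64), bounded_ttl(300), readback_ttl(300));
    return 0;
}
```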

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

