Nmap Development mailing list archives
Nmap marking ports with invalid SYN+ACK TCP checksums as open?
From: Jacek Wielemborek <d33tah () gmail com>
Date: Mon, 23 Jun 2014 14:50:59 +0200
List,

Yesterday I discovered that if Nmap receives a SYN+ACK during a SYN scan that has an invalid TCP checksum, it will say that this port is open. This is different than how operating systems behave and exploiting it sounds like an easy way to confuse the scanner.

Why is it implemented this way? bonsaiviking on IRC suggested it might be "that we'd rather not miss an open port just because of a bitflip error somewhere". Still, this might be an interesting piece of information that the host is responding with corrupt checksums, so maybe Nmap should at least print a warning message if this happens?

Yours,
Jacek Wielemborek
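Added example, not part of the original message and not Nmap's code: a sketch of the check the message proposes, verifying the TCP checksum of a SYN+ACK over the IPv4 pseudo-header and still reporting the port as open while flagging the bad checksum. The function names, result labels, addresses and the header built here are constructed for illustration.

```python
import socket
import struct

def fold_sum(data: bytes) -> int:
    """16-bit ones' complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    # IPv4 pseudo-header: source, destination, zero byte, protocol, TCP length.
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))

def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    # With the checksum field included, a valid segment sums to 0xFFFF.
    return fold_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF

def build_synack(src_ip, dst_ip, sport, dport, seq, ack, corrupt=False) -> bytes:
    """Constructed 20-byte SYN+ACK header (no options) used as sample input."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x12, 64240, 0, 0)
    csum = ~fold_sum(pseudo_header(src_ip, dst_ip, len(hdr)) + hdr) & 0xFFFF
    if corrupt:
        csum ^= 0x0001  # simulate a single flipped bit in the checksum field
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

def classify_reply(src_ip: str, dst_ip: str, segment: bytes) -> str:
    # Byte 13 holds the TCP flags; 0x12 is SYN|ACK.
    if len(segment) < 20 or segment[13] & 0x12 != 0x12:
        return "not SYN+ACK"
    if checksum_ok(src_ip, dst_ip, segment):
        return "open"
    return "open (bad TCP checksum)"  # hypothetical warning label

TARGET, SCANNER = "192.0.2.10", "198.51.100.5"  # documentation addresses

if __name__ == "__main__":
    for corrupt in (False, True):
        seg = build_synack(TARGET, SCANNER, 443, 40000, 1000, 2001, corrupt)
        print(classify_reply(TARGET, SCANNER, seg))
```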
Current thread:
- Nmap marking ports with invalid SYN+ACK TCP checksums as open? Jacek Wielemborek (Jun 23)
- Re: Nmap marking ports with invalid SYN+ACK TCP checksums as open? Jay Bosamiya (Jun 23)
- Re: Nmap marking ports with invalid SYN+ACK TCP checksums as open? Daniel Miller (Jun 23)