fatal("Idlescan zombie %s (%s) port %hu cannot be used because IPID sequencability class is: %s. Try another proxy.", proxy->host.name, inet_ntoa(proxy->host.host), proxy->probe_port, ipidclass2ascii(proxy->seqclass));
fatal("Even though your Zombie (%s; %s) appears to be vulnerable to IPID sequence prediction (class: %s), our attempts have failed. There generally means that either the Zombie uses a separate IPID base for each host (like Solaris), or because you cannot spoof IP packets (perhaps your ISP has enabled egress filtering to prevent IP spoofing), or maybe the target network recognizes the packet source as bogus and drops them", proxy->host.name, inet_ntoa(proxy->host.host), ipidclass2ascii(proxy->seqclass));
}
if (o.debugging && distance != 5) {
error("WARNING: IPID spoofing test sent 4 packets and expected a distance of 5, but instead got %d", distance);
}
proxy->latestid = newipid;
}
}
/* Adjust timing parameters up or down given that an idlescan found a
count of 'testcount' while the 'realcount' is as given. If the
testcount was correct, timing is made more aggressive, while it is
/* Perhaps the proxy host is not really idle ... */
/* I guess all I can do is decrease the group size, so that if the proxy is not really idle, at least we may be able to scan chunks more quickly in between outside packets */
error("idlescan_countopen2: Counted %d open ports in try #%d, but counted %d earlier ... probably a proxy_probe problem", ipid_dist, tries, openports);
}
/* I no longer whack timing here ... done at bottom */
/* Yeah, we found open ports... let's adjust the timing ... */
if (o.debugging > 2) error("idlescan_countopen2: found %d open ports (out of %d) in %d usecs", openports, numports, TIMEVAL_SUBTRACT(latestchange, start));
if (sent_time) *sent_time = start;
if (rcv_time) *rcv_time = latestchange;
}
if (newipid > 0) proxy->latestid = newipid;
return openports;
}
/* The job of this function is to use the Idlescan technique to count
the number of open ports in the given list. Under the covers, this
function just farms out the hard work to another function */
int idlescan_countopen(struct idle_proxy_info *proxy,
struct hoststruct *target, u16 *ports, int numports,
error("idlescan_countopen: In try #%d, counted %d open ports out of %d. Retrying", tries, openports, numports);
}
/* Sleep for a little while -- maybe proxy host had a brief burst of
traffic or similar problem */
sleep(tries * tries);
if (tries == 5)
sleep(45); /* We're gonna give up if this fails, so we will be a bit
patient */
} while(1);
if (openports < 0 || openports > numports ) {
/* Oh f*ck!!!! */
fatal("Idlescan is unable to obtain meaningful results from proxy %s (%s). I'm sorry it didn't work out.", proxy->host.name, inet_ntoa(proxy->host.host));
}
if (o.debugging > 2) error("idlescan_countopen: %d ports found open out of %d, starting with %hu", openports, numports, ports[0]);
return openports;
}
/* Recursively Idlescans a group of ports using a depth-first
divide-and-conquer strategy to find the open one(s) */
int idle_treescan(struct idle_proxy_info *proxy, struct hoststruct *target,
error("idle_treescan: Called against %s with %d ports, starting with %hu. expectedopen: %d", inet_ntoa(target->host), numports, ports[0], expectedopen);
error("Adjusting timing because my first scan of %d ports, starting with %hu found %d open, while second scan yielded %d", firstHalfSz, ports[0], flatcount1, retrycount);
error("Adjusting timing because my first scan of %d ports, starting with %hu found %d open, while second scan yeilded %d", secondHalfSz, ports[firstHalfSz], flatcount2, retrycount);