nmap shows random open ports on localhost for a fraction of a second

前端 未结 1 825
伪装坚强ぢ
伪装坚强ぢ 2021-01-03 14:44

When I scan myself I will often see random open ports:

nmap -sT -T normal -p 1-65535 localhost

E.g.

43194/tcp open  unknown         


        
1条回答
  •  抹茶落季
    2021-01-03 15:10

    Yes, this is a known issue with Linux: a connection to localhost on a closed ephemeral port has a small chance (usually about 1 in 28000) of connecting to itself with a 4-way or "split" handshake. Nmap suffers the most from this bug, since it connects to so many different ports at once that the chances amount to a near-certainty of happening at least once in a localhost -sT (TCP Connect) scan.

    Nmap has a long history with this bug. In 1999, Fyodor reported it to the LKML, but it was deemed to be an edge case in the RFC, and not a bug in the Linux kernel. A workaround was put in place in 2000, but it was removed in February 2013 as part of a cleanup effort, since it had a race condition. The next release was Nmap 6.40, which you say shows the invalid results.

    Last summer, I introduced a change to check for and re-test these spurious results. The next release of Nmap will not have the same problem.


    EDIT: The bug affected versions 6.40 - 6.47. It was fixed in 6.49BETA1 (2015-06-03).

    0 讨论(0)
提交回复
热议问题