fix: guard _ping() against proxy-ARP false positives

Verify that the ICMP reply source IP matches the target before reporting a host as alive. Prevents scan from returning the entire CIDR range when a gateway answers ARP requests on behalf of all IPs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-18 08:38:58 +02:00
parent 0a91d840be
commit cf07461436
1 changed files with 6 additions and 1 deletions
@@ -54,7 +54,12 @@ def _ping(ip: str) -> bool:
            capture_output=True,
            timeout=3,
        )
-        return r.returncode == 0
+        if r.returncode != 0:
+            return False
+        # Guard against proxy-ARP / gateway false positives: verify the ICMP
+        # reply actually came from the target IP and not an intermediate node.
+        stdout = r.stdout.decode(errors="ignore")
+        return f"from {ip}:" in stdout or f"from {ip} " in stdout
    except Exception:
        return False