Nmap Development Mailing List

Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.

List Archives

Quarterly archives (Jan–Mar, Apr–Jun, Jul–Sep, Oct–Dec) are available for each year from 2000 through 2009.

Latest Posts

Re: OS X 10.6 diagnosis: pcap timeout and bpf device access David Fifield (Nov 07)
I think it's because the release I made on 10.5 was compiled as a 32-bit
executable, and the default compiler target on 10.6 is 64-bit, but I
haven't tested that yet. We could, of course, build the next release as
32-bit, but that doesn't help the people who build from source unless we
make it automatic in the build system.

For what it's worth, I ran a copy of Nmap that I had built on 10.5 and
still had installed after upgrading to 10.6. It...

Re: OS X 10.6 diagnosis: pcap timeout and bpf device access Walt Scrivens (Nov 07)
David,
Thanks for sticking with this. You've done an impressive bit of
analysis work. Your explanation is so good that even I begin to
understand what's going wrong, although I suppose the chances of Apple
ever doing anything about it are slim to none.

Since the problem doesn't happen in the released version 5, the
problems you've uncovered are specific to 5.05BETA-1. Do we know why
those changes were made, and what the impact of...

Re: Simple script: random (garbage) fuzzer Jon Kibler (Nov 07)
Fyodor wrote:

Re: Use case for this script?

I have not had a chance to look at this NSE script. However, random garbage
generators are a VERY useful testing tool, especially against embedded systems
(printers, VoIP phones, environmental sensors, etc.) and real-time systems
(SCADA, PLCs, DCS, security, HVAC, etc.). They very rapidly identify brittle IP
stacks and how well systems handle unexpected traffic.

I regularly use custom protocol...

OS X 10.6 diagnosis: pcap timeout and bpf device access David Fifield (Nov 07)
I have been looking into this problem, and I think I have found the
cause, or rather causes, both of which appear to be Apple bugs. The
first is that setting timeouts for read events doesn't work unless the
timeout is at least 1000 milliseconds. The second is that opening a
/dev/bpf? device in O_WRONLY mode and binding it to an interface causes
all other listeners on the interface to see only outgoing traffic. I
don't know of a nice quick fix for...

exclude targets Si Stransky (Nov 07)
My salutations to all nmap followers,

I have something going wrong with certain sorts of exclude targets..
see for example

$ nmap -sL -n --exclude 10.0-253.0.1 10.250-255.0.22
..
nmap: TargetGroup.cc:459: int
TargetGroup::get_next_host(sockaddr_storage*, size_t*): Assertion
`ipsleft == 1' failed.
Aborted

$ nmap -sL -n -q --exclude 10.10.250-255.22 10.10.250-255.0-255
..
pine: TargetGroup.cc:459: int...

Re: Simple script: random (garbage) fuzzer Ron (Nov 07)
Fyodor wrote:

No, I'm doing a class right now and the instructor mentioned it. His
case was primarily finding low-hanging fruit services on certain systems.

It might be necessary to write fuzzers for specific protocols, too. HTTP
fuzzer, SMB fuzzer, etc etc. That's something I hadn't really thought of
using NSE for before.

Sure, any suggestions on how long it should go for?

Most services do terminate the connection pretty fast when they receive...

Zenmap fails to start. AFH Security (Nov 07)
Hey guys,

Running Ubuntu 9.10 Karmic Koala, on an amd64 system arch.
When I try to run zenmap (I wanted to see the new filter list button
that was mentioned in the change log) I get the following error.

"[Errno 2] No such file or directory: '/usr/share/zenmap/config'"

I searched my comp, and the zenmap dir is located at
"/usr/local/share/zenmap"
Any idea on what I'm doing wrong?

The steps I took to compile were the...

Support for IPv6 name servers in nmap Ankur Nandwani (Nov 06)
Hey Guys,

I just wrote a patch for Nmap's parallel DNS resolver which allows it
to make use of IPv6 name servers. David has committed the patch in
r16016. Please test it and let me know if there are any issues.

Thanks
Ankur

Re: Simple script: random (garbage) fuzzer Fyodor (Nov 06)
Nice. Did they request it on a public forum somewhere that you can
link to? It would be interesting to know more about the use case they
have in mind.

Maybe it should include a stopafter limit by default? That way it
doesn't go forever for people who accidentally specify it (perhaps
among other scripts) without specifying the stopafter arg.

Also, you might want to make this output line more clear:
return false, string.format("Finished...

Re: Ron/fuzz-garbage script Ron (Nov 06)
Hi mike,

You're right about the chunksize -- the way I designed it, it only sends
in 'chunksize' blocks, so the 'stopafter' value is rounded up (I put
that in the NSEDoc at the top). It's the cleanest way to do it, I think.

Can you link to where you reported that error? I don't remember anything
about it, but it may be from before my time (or in a thread I didn't read)

Thanks!
Ron

mike wrote:

Ron/fuzz-garbage script mike (Nov 06)
Ron

Not sure if this is a Windows thing or not. I noticed the output after I tested it and I set the args value for
"stopafter" to just 10 bytes. The output from nmap reports this as "10 bytes sent"; however, I noticed that what was sent
to the socket in testing was the 1024 bytes default value. Setting the chunksize is apparently the only way I can
control the bytes to be the exact value that nmap reports back as what was...

Re: man page translations Fyodor (Nov 06)
I'm all for that!

That concerned me at first because most people will want at most 1 or
2 languages, and we already have 16 with more coming. But the
instructions later in your email may be the best way for such people
to proceed.

I have those directories, but even the largest of them is less than
10% the size of my English man pages.

This sounds like a good way for people who don't want the extra man
pages to deal with it. As you note, it...

Implementation sketch for Ncat caretaker processes David Fifield (Nov 06)
Look at the netrun function in ncat_posix.c. It forks to create a new
process, then calls netexec. netexec reassigns some file descriptors,
then runs execl to run a new process with the changed descriptors. When
the new process reads and writes stdin and stdout, it is really reading
and writing the socket.

What I was thinking of is that netexec can first create a pair of pipes
(...

Re: nmap XML output - host latency David Fifield (Nov 06)
We already have an element for latency, but it seems it is not written
for ping scans. "nmap -oX - -F scanme.nmap.org" prints

<times srtt="68616" rttvar="20892" to="152184" />

but "nmap -oX - -sP scanme.nmap.org" doesn't print it. I think this is
just an oversight because there are two separate places where host
output can be written depending on whether anything happens past a ping
scan....

Re: Ron/fuzz-garbage script Ron (Nov 06)
Hi Mike,

It shouldn't freeze Nmap, but it could be an issue with how the Windows
version of Nmap handles sockets. All it's doing is looping and sending
data. My solution would be to not run Nmap on Windows, but that's just me ;)

As for different chunksizes, the functionality already exists. There are
two script-args, one for the total amount of data to send (default:
unlimited), and one for the size of the chunks (default: 1024).

Ron

mike...

More Lists

Dozens of other network security lists are archived at SecLists.Org.
