Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Re: Buffer space Problems

Re: Buffer space Problems

From: David G. Cheney <dgc_at_rocketfiber.com>
Date: Wed, 14 Apr 2004 10:35:24 -0700

I believe this isn't just an nmap problem.

I have encountered similar problems useing a home grown scanner similar
to fping on FreeBSD. The buffer starvation in my case is related to the
arp table growing to hundreds of thousands of entries. In FreeBSD 4.8
there was a known denial of service vulnerability based on this
behavior, and where it was claimed to have been fixed the problem still
occurs when it is the local arp daemon making the requests.

My workaround was pretty ugly. I resorted to flushing the arp table
every couple of thousand probes. This solves the problem on FreeBSD
(btw. 5.2.1 still has this issue). I'm guessing that Linux has some
similar issues.

I personally don't think it should be the task of the user space
application (i.e. scanner) to deal with resource starvation issues like
this, but to be fair to the various kernels a scanner is not a typical load.

If anyone has an alternate solution I would love to hear it.

--dgc

joeclifton_at_bellsouth.net wrote:

> Any help is appreciated.
>
> My Command line:
>
> nmap -sP -PI -oA ping-10.10.0.0 10.10.0.0/16
>
> Obvisouly, I am running out of buffer space somewhere, but where is my question, and is there a solution, except to reduce the size of the subnet being scanned. I first tired -T4, and backed it all the way down to -T1, with almost no difference. I get lots of hosts returned as being up, then it starts giving me the error below. I have tried different size subnets, and the largest I can scan with out geting the error is /22.
>
> I sometimes get an error similar to #2 below. (can;t remember the whole thing, and forgot to copy it.)
>
> I scan a lot of large subnets, and would like to ge this resolved.
> Is there another way to throttle back, besides the timing option? I hate having to do 20 or 25 smaller scans, then cat'ing them together.
>
> error #1
>
> sendto in sendpingquery returned -1 (should be 8)!
> sendto: No buffer space available
>
> error #2
> RTTVAR
>
>
> My versions:
>
> nmap version 3.48
>
> Linux xxx.xxxx.org 2.4.22-1.2174.nptl #1 Wed Feb 18 16:38:32 EST 2004 i686 i686 i386 GNU/Linux (Fedora Core 1)
>
>
> Thanks again for any help....
>
> joe
>
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to
> nmap-dev-help@insecure.org . List archive: http://seclists.org
>
>
>

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help@insecure.org . List archive: http://seclists.org
Received on Apr 14 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos