Hello Martin,
Thanks for the bug report! I was able to reproduce the bug and I've managed to track it down to the function
service_scan.cc:adjustPortStateIfNeccessary().
This function exists because in some cases (especially UDP) we can determine that a port is actually OPEN instead of OPEN|FILTERED thanks to the service scan. This happens when a UDP service doesn't respond to the scanning probes but does respond to at least one of our service probes.
It looks like the problem is that this function actually adds a new port to the portlist instead of just adjusting the state of the existing port. This is the reason why your scan wasn't working: the service details of the port get set before this function call, and the new port that this function overrides it with has no service information.
I've attached a patch that I hope will deal with this properly.
Good find!
Doug Hoyte
On Fri, Oct 21, 2005 at 09:57:35AM +0200 or thereabouts, Martin Mačok wrote:
> Running nmap UDP version scanning against service with fingerprint in
> the database does not print the match:
>
> # nmap -P0 -d --version_trace -sUV -p53 localhost
> [..]
> Service scan match (Probe DNSVersionBindReq matched with DNSVersionBindReq): localhost (127.0.0.1):53 is domain. Version: |pdnsd|||
> [..]
> 53/udp open domain?
>
> Martin Mačok
> ICT Security Consultant
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on Oct 21 2005
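The failure mode Doug describes, as an added illustration that is not nmap's code: a simplified port list (constructed types `Port`, `PortList`, `simulate`) where "adjusting" a port by re-adding it replaces the entry and silently drops the service match the service scan had already recorded, while adjusting the state field in place keeps it.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Constructed stand-ins for the two states the e-mail contrasts.
enum PortState { OPEN, OPEN_FILTERED };

struct Port {
    int portno;
    PortState state;
    std::string service;  // filled in by the service scan; empty = no match
    std::string version;  // e.g. "pdnsd"
};

struct PortList {
    std::vector<Port> ports;
    Port *lookup(int portno) {
        for (Port &p : ports) if (p.portno == portno) return &p;
        return nullptr;
    }
    // Adding a port number that is already present replaces the whole entry.
    void addPort(const Port &np) {
        if (Port *p = lookup(np.portno)) { *p = np; return; }
        ports.push_back(np);
    }
};

// Buggy shape of the fix-up: builds a fresh Port with no service fields and
// re-adds it, so the earlier service match is overwritten.
void adjustPortStateBuggy(PortList &pl, int portno) {
    pl.addPort(Port{portno, OPEN, "", ""});
}

// Corrected shape: only the state of the existing entry changes.
void adjustPortStateFixed(PortList &pl, int portno) {
    if (Port *p = pl.lookup(portno)) p->state = OPEN;
}

// Replays the reported scan: 53/udp starts open|filtered, the service scan
// matches domain/pdnsd, then the state is upgraded to open. Returns the
// report line; "domain?" stands for a guessed name with no match (assumption).
std::string simulate(bool useFix) {
    PortList pl;
    pl.addPort(Port{53, OPEN_FILTERED, "", ""});
    pl.lookup(53)->service = "domain";   // set before the adjust call
    pl.lookup(53)->version = "pdnsd";
    if (useFix) adjustPortStateFixed(pl, 53); else adjustPortStateBuggy(pl, 53);
    Port *p = pl.lookup(53);
    return p->service.empty() ? "53/udp open domain?"
                              : "53/udp open " + p->service + " " + p->version;
}
```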