Nmap Development: Re: 4.22SOC6 Crash With Connect() Scan

Re: 4.22SOC6 Crash With Connect() Scan

From: David Fifield <david_at_bamsoftware.com>
Date: Thu, 13 Sep 2007 15:54:22 -0600

On Thu, Sep 13, 2007 at 05:37:24PM +0100, Rob Nicholls wrote:
> Hi Everyone,
>
> I finally got around to testing the new 4.22SOC6 win32 binary (using the
> zip file) and spotted that it crashed when I asked it to perform a
> Connect() Scan.
>
> --------------- Timing report ---------------
> hostgroups: min 1, max 100000
> rtt-timeouts: init 1000, min 100, max 10000
> max-scan-delay: TCP 1000, UDP 1000
> parallelism: min 0, max 0
> max-retries: 10, host-timeout: 0
> ---------------------------------------------
> Initiating Connect() Scan at 16:50
> Scanning xxxx.xxxx.xxxx.net (xx.xxx.xxx.xx) [1705 ports]
> CONN (0.2540s) TCP localhost > xx.xxx.xxx.xx:113 => Unknown error
> CONN (0.2550s) TCP localhost > xx.xxx.xxx.xx:21 => Unknown error
> CONN (0.2560s) TCP localhost > xx.xxx.xxx.xx:389 => Unknown error
> CONN (0.2570s) TCP localhost > xx.xxx.xxx.xx:1723 => Unknown error
> CONN (0.2580s) TCP localhost > xx.xxx.xxx.xx:25 => Unknown error
> CONN (2.2550s) TCP localhost > xx.xxx.xxx.xx:25 => Unknown error
> CONN (2.2580s) TCP localhost > xx.xxx.xxx.xx:1723 => Unknown error
> CONN (2.2600s) TCP localhost > xx.xxx.xxx.xx:389 => Unknown error
> CONN (2.2620s) TCP localhost > xx.xxx.xxx.xx:21 => Unknown error
> CONN (2.2650s) TCP localhost > xx.xxx.xxx.xx:113 => Unknown error
> CONN (3.2560s) TCP localhost > xx.xxx.xxx.xx:22 => Unknown error
> CONN (3.2590s) TCP localhost > xx.xxx.xxx.xx:636 => Unknown error
> CONN (3.2610s) TCP localhost > xx.xxx.xxx.xx:554 => Unknown error
> CONN (3.2630s) TCP localhost > xx.xxx.xxx.xx:443 => Unknown error
> CONN (3.2650s) TCP localhost > xx.xxx.xxx.xx:80 => Unknown error
> CONN (4.2570s) TCP localhost > xx.xxx.xxx.xx:22 => Unknown error
> CONN (4.2600s) TCP localhost > xx.xxx.xxx.xx:636 => Unknown error
> CONN (4.2630s) TCP localhost > xx.xxx.xxx.xx:554 => Unknown error
> CONN (4.2650s) TCP localhost > xx.xxx.xxx.xx:443 => Unknown error
> CONN (4.2680s) TCP localhost > xx.xxx.xxx.xx:80 => Unknown error
> CONN (5.2580s) TCP localhost > xx.xxx.xxx.xx:23 => Unknown error
> CONN (5.2610s) TCP localhost > xx.xxx.xxx.xx:53 => Unknown error
> CONN (5.2640s) TCP localhost > xx.xxx.xxx.xx:3389 => Unknown error
> CONN (5.2670s) TCP localhost > xx.xxx.xxx.xx:256 => Unknown error
> CONN (5.2690s) TCP localhost > xx.xxx.xxx.xx:61439 => Unknown error

I was able to reproduce this on Windows XP, both the "Unknown error" and
the crash. I'll investigate it and let you know what I find.

> Running the exact same command with nmap 4.11, 4.21-A1, 4.22SOC2,
> 4.22SOC3, 4.22SOC5 appears to work fine. This seems to have started with
> 4.22SOC6.

The big change between 4.22SOC5 and 4.22SOC6 was the massping migration,
which changes the way host discovery is done. That shouldn't affect port
scans, but you never know.

David Fifield
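As an added example (not part of this thread or of Nmap's own code), a small parser for the `CONN` debug lines quoted above: it strips the e-mail quoting, groups attempts by destination port, and reports how many times each port was tried, how far apart, and with what result, so a retry pattern like the one in the report can be read at a glance. The sample input is a constructed excerpt of the quoted output with the address replaced by a documentation placeholder.

```python
import re
from collections import defaultdict

# Matches nmap's connect-scan debug lines, e.g.
# "CONN (0.2540s) TCP localhost > 192.0.2.10:113 => Unknown error"
CONN_RE = re.compile(
    r"CONN \((?P<t>[0-9.]+)s\) (?P<proto>\w+) (?P<src>\S+) > "
    r"(?P<dst>\S+):(?P<port>\d+) => (?P<result>.+)$"
)

def parse_conn_lines(text):
    """Return one dict per CONN line, in input order; other lines are ignored."""
    events = []
    for line in text.splitlines():
        line = line.lstrip("> ").strip()   # drop e-mail quote markers
        m = CONN_RE.search(line)
        if m:
            d = m.groupdict()
            d["t"] = float(d["t"])
            d["port"] = int(d["port"])
            events.append(d)
    return events

def summarize(events):
    """Per port: attempt count, seconds between first and last attempt, results."""
    by_port = defaultdict(list)
    for e in events:
        by_port[e["port"]].append(e)
    summary = {}
    for port, es in by_port.items():
        times = [e["t"] for e in es]
        summary[port] = {
            "attempts": len(es),
            "span_s": round(max(times) - min(times), 3),
            "results": sorted({e["result"] for e in es}),
        }
    return summary

# Constructed excerpt of the quoted output (192.0.2.10 is a placeholder address).
SAMPLE = """\
> CONN (0.2540s) TCP localhost > 192.0.2.10:113 => Unknown error
> CONN (0.2580s) TCP localhost > 192.0.2.10:25 => Unknown error
> CONN (2.2550s) TCP localhost > 192.0.2.10:25 => Unknown error
> CONN (2.2650s) TCP localhost > 192.0.2.10:113 => Unknown error
> CONN (3.2560s) TCP localhost > 192.0.2.10:22 => Unknown error
> CONN (4.2570s) TCP localhost > 192.0.2.10:22 => Unknown error
"""

if __name__ == "__main__":
    for port, s in sorted(summarize(parse_conn_lines(SAMPLE)).items()):
        print(port, s)
```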

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Sep 13 2007
