Nmap Development: NSE loop issue with filtered ports

NSE loop issue with filtered ports

From: Thomas Buchanan <TBuchanan_at_thecompassgrp.net>
Date: Thu, 29 Nov 2007 16:07:28 -0600

While working on a new NSE script, I've noticed an issue with NSE and
filtered ports where nmap appears to go into an infinite loop. The
process grabs 100% of the available CPU, and the scan never makes any
progress. I worked up a test script which replicates the issue. It
attempts a connection to a single UDP port, and waits for a response.
If I run this script against 10 or fewer hosts, everything works fine.
When I run it against 11 or more hosts with the targeted port filtered,
I see the issue with the looping. When I enable debug output, after
about 7 seconds of typical output, I get hundreds of thousands of lines
of output like this:

NSOCK (80.9030s) nsock_loop() started (timeout=50ms). 0 events pending

I let one of my test sessions run for about a minute with -d enabled,
and it generated a little over 500 MB of output:

$ ls -lh test4.txt
-rw-r--r-- 1 root root 511M 2007-11-29 15:25 test4.txt

$ grep nsock_loop test4.txt |wc -l
7550444

$ grep -v nsock_loop test4.txt |wc -l
643

The last few lines before the nsock_loop repeats are:

NSOCK (6.9090s) nsock_loop() started (timeout=50ms). 1 events pending
NSOCK (6.9090s) wait_for_events
NSOCK (6.9090s) PCAP read_on_nonselect
NSOCK (6.9090s) PCAP END read_on_nonselect
NSOCK (6.9590s) nsock_loop() started (timeout=50ms). 1 events pending
NSOCK (6.9590s) wait_for_events
NSOCK (6.9590s) PCAP read_on_nonselect
NSOCK (6.9590s) PCAP END read_on_nonselect
NSOCK (7.0080s) nsock_loop() started (timeout=50ms). 1 events pending
NSOCK (7.0080s) wait_for_events
NSOCK (7.0080s) PCAP read_on_nonselect
NSOCK (7.0080s) PCAP END read_on_nonselect
NSOCK (7.0580s) Callback: READ TIMEOUT for EID 242 [192.168.128.170:1434]
NSOCK (7.0580s) msevent_delete (IOD #10) (EID #242)
NSOCK (7.0580s) nsock_loop() started (timeout=50ms). 0 events pending
NSOCK (7.0580s) nsock_loop() started (timeout=50ms). 0 events pending
NSOCK (7.0580s) nsock_loop() started (timeout=50ms). 0 events pending
...

This issue shows up on both Linux and Windows test systems. If anybody
would like the test script I used, I'll be happy to share it. If any
more information would be helpful, I'll try to provide it.

Thanks,

Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Nov 29 2007
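As an added diagnostic, not code from the report above or from the Nmap project: a small Python checker that reads `nmap -d` output and flags the signature Thomas describes, a run of consecutive `nsock_loop() started ... 0 events pending` lines whose timestamp never advances. The sample lines are constructed from the quoted debug output; the `find_spin` function and its `min_spins` threshold are this example's own.

```python
import re

# Format of the NSOCK debug lines quoted in the report, e.g.
# "NSOCK (7.0580s) nsock_loop() started (timeout=50ms). 0 events pending"
LOOP_RE = re.compile(
    r"^NSOCK \((?P<ts>\d+\.\d+)s\) nsock_loop\(\) started "
    r"\(timeout=(?P<timeout>\d+)ms\)\. (?P<pending>\d+) events pending$"
)

def find_spin(lines, min_spins=3):
    """Return (timestamp, count, timeout_ms) for the longest run of consecutive
    nsock_loop() starts with 0 events pending and an unchanging clock, or None.
    A healthy loop with a 50ms timeout advances the clock by about 50ms per
    iteration (6.9090 -> 6.9590 -> 7.0080 in the report); a frozen timestamp
    means nsock_loop() is returning immediately instead of blocking."""
    best = None
    ts, count, timeout = None, 0, None
    for raw in lines:
        m = LOOP_RE.match(raw.strip())
        if m and m["pending"] == "0" and m["ts"] == ts:
            count += 1  # same timestamp as the previous iteration: still spinning
            continue
        if count >= min_spins and (best is None or count > best[1]):
            best = (ts, count, timeout)
        if m and m["pending"] == "0":
            ts, count, timeout = m["ts"], 1, int(m["timeout"])  # new candidate run
        else:
            ts, count, timeout = None, 0, None  # any other line breaks the run
    if count >= min_spins and (best is None or count > best[1]):
        best = (ts, count, timeout)
    return best

# Constructed sample modelled on the quoted debug output: three healthy
# iterations, the READ TIMEOUT callback, then a burst of immediate re-entries
# that all carry the same timestamp.
SAMPLE = [
    "NSOCK (6.9090s) nsock_loop() started (timeout=50ms). 1 events pending",
    "NSOCK (6.9090s) wait_for_events",
    "NSOCK (6.9590s) nsock_loop() started (timeout=50ms). 1 events pending",
    "NSOCK (6.9590s) wait_for_events",
    "NSOCK (7.0080s) nsock_loop() started (timeout=50ms). 1 events pending",
    "NSOCK (7.0080s) wait_for_events",
    "NSOCK (7.0580s) Callback: READ TIMEOUT for EID 242 [192.168.128.170:1434]",
    "NSOCK (7.0580s) msevent_delete (IOD #10) (EID #242)",
] + ["NSOCK (7.0580s) nsock_loop() started (timeout=50ms). 0 events pending"] * 200

if __name__ == "__main__":
    print(find_spin(SAMPLE))  # ('7.0580', 200, 50): 200 re-entries at t=7.058s
```

On a real capture, pipe `nmap -d ... 2>&1` into a file and pass its lines to `find_spin`; a hit with a large count and a frozen timestamp is the busy loop, while a `None` on output that still has the loop lines simply means the clock kept advancing.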
