Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: nmap issue
From: bensonk () acm wwu edu
Date: Sat, 17 May 2008 10:20:02 -0700

I really don't like the idea of having nmap start something that runs as
a service by default.  It's that kind of thing that makes windows
machines all slow and obnoxious after you've installed a few dozen
things.  Maybe that's not what you're proposing, but if it is, I
disagree.  If it isn't, I apologize for misinterpreting what you said.  

Benson

On Sat, May 17, 2008 at 03:32:46PM +0100, Rob Nicholls wrote:
-----Original Message-----
From: Gianluca Varenni [mailto:gianluca.varenni () gmail com]
Sent: 17 May 2008 00:16
To: Brandon Enright; Mike pattrick
Cc: nmap-dev () insecure org; bmenrigh () ucsd edu
Subject: Re: nmap issue
<snip>
if you set the driver npf.sys to start at boot time,
you solve the issue, as the driver is already up and running when 
nmap needs even with non fully elevated privileges (and I think 
this is what Wireshark does upon installation on Vista).

I've suggested this before when people have come across this issue, as it's
what I generally do when I've installed Nmap on Vista (as I like to keep UAC
enabled):

http://seclists.org/nmap-dev/2007/q4/0548.html

As Gianluca points out, this means you can run Nmap as a standard user
rather than restricting access to Administrators (or UAC nagging every time
Nmap is invoked), which I think is a lot nicer/cleaner.

I've previously suggested using the installer (which runs elevated) to set
the registry key to start WinPcap at bootup and then somehow (ideas??) load
the driver so that it's already up and running (to save the user from having
to restart their PC or run Nmap/Zenmap elevated in order to load the driver
immediately after installation):
 
http://seclists.org/nmap-dev/2007/q4/0553.html

I believe Wireshark uses the official WinPcap installer, but allows the user
to check a box to change the default registry key (presumably set once
WinPcap has installed itself with the default key value):

http://www.everythingeverything.co.uk/files/winpcap_services_checkbox.png

I quite like this option, perhaps this question could be added to the Nmap
Windows installer? I would hope that people using the zip file version of
Nmap either already have WinPcap installed or are sufficiently technical to
know about UAC/elevation/the registry setting.


Rob



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Attachment: _bin
Description:


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]