Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: NSock error when scanning nessusd
From: Tom Sellers <nmap () fadedcode net>
Date: Fri, 13 Jun 2008 22:10:52 -0500

Brandon Enright wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I too have noticed that when Nmap encounters a Nsock error it aborts
abruptly.  Although sometime undesirable, I haven't looked into the
"problem" enough to decide if there is a more graceful error handling
technique that can be used.

I've been doing a giant (hundreds of millions of hosts) SSL survey of
the Internet for a while now and run into this many times with
Nmap/OpenSSL.  My guess is that there is a way to tell OpenSSL to try
SSL 3/2 and on failure fall back on TLS 1 but I haven't looked into it
because the problem is rare enough that it doesn't matter for my survey
project.

I know several Nmap developers are working on different aspects of
OpenSSL and further integration with Nmap/NSE; one of them may be able
to look into this.


I looked at the code for a bit, felt like I was making progress locating
the general problem area and then stepped in way over my head.

After seeing the following code:

**********************************************************************

service_scan.cc line 1814

static int scanThroughTunnel(nsock_pool nsp, nsock_iod nsi, ServiceGroup *SG,
                             ServiceNFO *svc) {

   if (strncmp(svc->probe_matched, "ssl/", 4) == 0) {
     /* The service has been detected without having to make an SSL connection */
     svc->tunnel = SERVICE_TUNNEL_SSL;
     svc->probe_matched += 4;
     return 0;

**********************************************************************

I settled for changing the match line's service entry in nmap-service-probes
to ssl/nessus so as to trigger this clause as a temporary work around.  The
up side is that it lets me work around the issue a service at a time.


Your recent testing and feedback for service fingerprinting has been
most valuable so please keep up the good work!


Thanks much.  I enjoy the work, it helps me professionally and it lets
me give something in exchange for the excellent, free tool that I have
used for years.

Tom



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]