Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Hard loop while Conficker scanning
From: Ron <ron () skullsecurity net>
Date: Thu, 02 Apr 2009 09:16:34 -0500

shorejsi2 () mmm com wrote:
I have been having problems with Nmap going into a hard loop when scanning certain IP ranges for Conficker infections. After some investigation, I believe I have found the cause (and a resolution.)
There is code in the smb.lua script that looks like the following:

...
        -- Some broken implementations of SMB don't send these variables
        if(smb['time'] == nil) then
                time = 0
        end
        if(smb['timezone'] == nil) then
                timezone = 0
        end
        if(smb['key_length'] == nil) then
                key_length = 0
        end
...

This was apparently added to handle non-conformant SMB implementations. I changed this code to look like this:

...
        -- Some broken implementations of SMB don't send these variables
        if(smb['time'] == nil) then
                smb['time'] = 0
        end
        if(smb['timezone'] == nil) then
                smb['timezone'] = 0
        end
        if(smb['key_length'] == nil) then
                smb['key_length'] = 0
        end
...

I think this is what the author originally intended. I can now scan networks with 'troublesome' SMB implementation without Nmap going into a loop. Was this the right fix?
 Whom do I tell about this?


                        -=[ Steve ]=-

Hey Steve,

You found the right person (twice!). I committed your fix this morning, good catch on it.

For my own curiosity, which operating systems were doing that. Me and Brandon found a whole lot of printers and things of that nature that implemented SMB badly, but I'm surprised to find something that didn't turn up on Brandon's network.

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault