Home page logo
/

nmap-dev logo Nmap Development mailing list archives

RE: Potential bug in nmap or ftp-anon script
From: "Sina Bahram" <sbahram () nc rr com>
Date: Fri, 5 Jun 2009 15:49:42 -0400

My only concern with doing so is that such IP's are publically accessible.

Could you and I work on this privately off list, or is there a nice way to
anonymize the information without ruining it's usefulness in debugging?

Take care,
Sina

-----Original Message-----
From: Joao Correa [mailto:joao () livewire com br] 
Sent: Friday, June 05, 2009 3:44 PM
To: Sina Bahram
Cc: nmap-dev
Subject: Re: Potential bug in nmap or ftp-anon script

Hi Sina,

I think it is hard to reproduce such bug. Could you run nmap with
"-d3" option and show us the complete output?

Thank you!

On Fri, Jun 5, 2009 at 12:44 AM, Sina Bahram<sbahram () nc rr com> wrote:
Hi all,

When I scan a specific IP address running an ftp server which allows
anonymous logins, with the anonymous ftp script, I receive the appropriate
output.

However, if I scan a series of IP addresses, one of which includes this
IP,
that particular IP doesn't have the appropriate output from the anonymous
ftp script.  It does show that IP having port 21 open, but doesn't fire
off
the appropriate anonymous message.


Example with fake addresses:


nmap --script ftp-anon -p21 1.2.3.4

Shows the right stuff

nmap --script ftp-anon -p21 1.2.3-5.*

Just shows 1.2.3.4 as having ftp 21 open, but no luck on the anonymous
script firing off the right message.

It does show other hosts like 1.2.4.2 or 1.2.5.23 having 21 open and
displays the anonymous message for them, so this is how I know the script
is
partially working.

The strange thing, of course, is that other Ips in that range trigger the
appropriate response from the script, and they all seem to be correct.
However, I'm now positive that it is missing some.

Using nmap 4.85 beta 9

Ideas?

I was about to gather some data for a little report, and now I suddenly
have
no confidence in the accuracy of this data anymore.

Take care,
Sina


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault