Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Consistent nmap hang scanning for Conficker
From: shorejsi2 () mmm com
Date: Thu, 2 Apr 2009 05:16:21 -0500

 I have been having problems using Nmap 4.85BETA6 to scan for Conficker 
infections. I have been able to narrow this down to a consistent set of 
IPs which always results in a hard loop (nmap at 100% CPU). The output 
looks like this:

$ nmap -T4 -p139,445 -v  -v --script=smb-check-vulns --script-args safe=1 
a.b.50.32/28

Starting Nmap 4.85BETA6 ( http://nmap.org ) at 2009-04-02 05:02 CDT
Initiating Ping Scan at 05:02
Scanning 16 hosts [1 port/host]
Completed Ping Scan at 05:02, 0.09s elapsed (16 total hosts)
Initiating Parallel DNS resolution of 16 hosts. at 05:02
Completed Parallel DNS resolution of 16 hosts. at 05:02, 0.00s elapsed
Initiating Connect Scan at 05:02
Scanning 16 hosts [2 ports/host]
Discovered open port 139/tcp on a.b.50.35
Discovered open port 139/tcp on a.b.50.36
Discovered open port 139/tcp on a.b.50.39
Discovered open port 139/tcp on a.b.50.40
Discovered open port 139/tcp on a.b.50.45
Discovered open port 139/tcp on a.b.50.38
Discovered open port 139/tcp on a.b.50.37
Discovered open port 139/tcp on a.b.50.32
Discovered open port 139/tcp on a.b.50.41
Discovered open port 139/tcp on a.b.50.42
Discovered open port 139/tcp on a.b.50.44
Discovered open port 139/tcp on a.b.50.43
Discovered open port 139/tcp on a.b.50.47
Completed Connect Scan at 05:02, 1.48s elapsed (32 total ports)
NSE: Initiating script scanning.
Initiating NSE at 05:02
NSE Timing: About 84.62% done; ETC: 05:03 (0:00:06 remaining)
NSE Timing: About 84.62% done; ETC: 05:03 (0:00:11 remaining)
NSE Timing: About 84.62% done; ETC: 05:04 (0:00:17 remaining)
NSE Timing: About 84.62% done; ETC: 05:04 (0:00:22 remaining)
NSE Timing: About 84.62% done; ETC: 05:05 (0:00:27 remaining)
NSE Timing: About 84.62% done; ETC: 05:06 (0:00:33 remaining)
NSE Timing: About 84.62% done; ETC: 05:06 (0:00:38 remaining)
NSE Timing: About 84.62% done; ETC: 05:07 (0:00:44 remaining)
NSE Timing: About 84.62% done; ETC: 05:07 (0:00:49 remaining)
NSE Timing: About 84.62% done; ETC: 05:08 (0:00:55 remaining)


 What can I contribute that will help understand this problem?


                        -=[ Steve ]=-


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]