Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Potential bug in nmap or ftp-anon script
From: David Fifield <david () bamsoftware com>
Date: Sun, 14 Jun 2009 16:44:02 -0600

On Thu, Jun 04, 2009 at 11:44:43PM -0400, Sina Bahram wrote:
When I scan a specific IP address running an ftp server which allows
anonymous logins, with the anonymous ftp script, I receive the appropriate
output.

However, if I scan a series of IP addresses, one of which includes this IP,
that particular IP doesn't have the appropriate output from the anonymous
ftp script.  It does show that IP having port 21 open, but doesn't fire off
the appropriate anonymous message.


Example with fake addresses:


nmap --script ftp-anon -p21 1.2.3.4

Shows the right stuff

nmap --script ftp-anon -p21 1.2.3-5.*

Just shows 1.2.3.4 as having ftp 21 open, but no luck on the anonymous
script firing off the right message.

It does show other hosts like 1.2.4.2 or 1.2.5.23 having 21 open and
displays the anonymous message for them, so this is how I know the script is
partially working.

The strange thing, of course, is that other Ips in that range trigger the
appropriate response from the script, and they all seem to be correct.
However, I'm now positive that it is missing some.

Using nmap 4.85 beta 9

Ideas?

Maybe the timeout is too short. Try increasing the number in this line
of ftp-anon.nse:

        socket:set_timeout(5000)

Another suggestion I had is to run with -d --script-trace, and then grep
for the IP in question. If the script is timing out or encountering
another error, that will show it.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]