Home page logo
/

nmap-dev logo Nmap Development mailing list archives

RE: NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu 12.04LTS)
From: "Nmap User1" <nmapuser1 () gmail com>
Date: Fri, 6 Sep 2013 16:30:16 -0400

Hello,

I've done some additional testing on the HTTPS/SSL timeout issue (all with
Nmap v6.41):

Ubuntu 10.04 LTS:  No NSE HTTPS/SSL timeout issue. 
Debian 6.0.7:      No NSE HTTPS/SSL timeout issue.
Gentoo (k3.8.13):  No NSE HTTPS/SSL timeout issue.
Fedora 19:         No NSE HTTPS/SSL timeout issue.
Windows 7:         No NSE HTTPS/SSL timeout issue.

Ubuntu 12.04 LTS:  Yes, the NSE HTTPS/SSL timeout issue is exhibited.
Debian 7.1.0:      Yes, the NSE HTTPS/SSL timeout issue is exhibited.
Kali Linux:        Yes, the NSE HTTPS/SSL timeout issue is exhibited.

Testing Notes:
*Randomly selected hosts (from Google): www.bwin.com, home.eease.com, &
www.itslearning.com 
*Nmap command: nmap -v -sS -Pn -p 443 --script=ssl-cert <host>

I've been encountering this timeout issue on nearly every client engagement
since I've switched to Ubuntu 12.04 (affects around 5% of all HTTPS
services).  I suspect many others are experiencing the same issue, however,
as the timeout issue isn't obvious in the results, it's likely to be
overlooked.

So what component in the identified current Debian based distros is causing
nmap to demonstrate this behavior?  The nmap debug logs did not appear
overly helpful in this case.  




-----Original Message-----
From: Henri Doreau [mailto:henri.doreau () gmail com] 
Sent: Thursday, September 05, 2013 2:51 PM
To: Daniel Miller
Cc: Nmap User1; Nmap-dev
Subject: Re: NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu
12.04LTS)

2013/9/5 Daniel Miller <bonsaiviking () gmail com>:
I can replicate the behavior on Ubuntu 12.04 against www.itslearning.com.
I've created pastes with debugging output from 2 versions of Nmap:

* http://pastebin.com/HqFCcYai - Nmap 6.41SVN with -d4
* http://pastebin.com/bCfdqFh3 - Nmap 6.02 with -d3

I also ran a scan without the NSE script immediately followed by 
openssl s_client, which was able to connect with no timeout.

Dan
Hi,

that looks interesting... I can't reproduce, neither on recent fedoras nor
on debian 6.0.7. That could totally be a nsock issue but I see nothing
suspicious from the traces you posted. Do you? Could you maybe retry with
-d9, to also have the full debug log messages? A pcap dump would be helpful.

Regards

--
Henri

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]