Re: too many open files

[Vasiliy Kulikov <segoon () openwall com>]

On Wed, Nov 02, 2011 at 20:34 +0100, Patrik Karlsson wrote:
> On Wed, Nov 2, 2011 at 7:53 PM, Vasiliy Kulikov <segoon () openwall com> wrote:
> > ...
> > NSE: smb-flood: Connection successfully opened
> > NSE: SMB: Invalid NTLM challenge message: unexpected signature.
> > NSE: SMB: WARNING: the server appears to be Unix; your mileage may vary.
> > NSE: SMB: Extended login to 127.0.0.1 as \guest failed, but was given
> > guest access (username may be wrong, or system may only allow guest)
> > NSE: smb-flood: Connection successfully opened
> > Socket troubles: Too many open files
> > nmap: nsock_core.c:1176: nsp_add_event: Assertion `nse->iod->sd >= 0'
> > failed.
...
> The smb-flood script attempts to perform a DoS against the remote SMB
> server by exhausting the remote servers connection limit.
> The description states:
> "This is *not* recommended as a general purpose script, because a) it
> is designed to harm the server and has no useful output, and b) it
> never ends (until timeout)."
>
> Based on the code it looks like theres an infinite loop opening new
> connections (but not closing them) against the remote server.
> So the error message your seeing is the result of your local system hitting
> the limit of simultaneously connected sockets.

IMHO "never ends" and "falls after some time because of a local system
limit" are different things.  E.g. I cannot open too many connections
even if I'm a root.  Probably try to raise a limit to UNLIM and
gracefully continue with a some limit at init time?  Or even change
smb-flood's logic not to open MAX_NFILES-100 sockets if we're not
privileged.

Thanks,

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/