Nmap Development mailing list archives

RE: nmap -P0 reboots Windows XP

From: "Sean Warnock" <swarnock () warnocksolutions com>
Date: Wed, 8 Mar 2006 07:42:51 -0800

        Doh, two e-mails to the list in one day this may be a record for
me.  The biggest thing I have had for failing RAM in PC's though has
been to run memory test overnight.  This gives the PC plenty of time to
heat cycle.  Sometimes it just take a few hours and a module will start
failing. 
Down the lines of Mike's comments you might consider trying out
Microsoft's memory diagnostic (yes it is free and you don't need to have
a validated copy of windows).  It might use a different set of patterns
for testing that match up better with Windows.
http://oca.microsoft.com/en/windiag.asp

Sean

-----Original Message-----
From: nmap-dev-bounces () insecure org
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Mike C
Sent: Wednesday, March 08, 2006 5:31 AM
To: 'Kris Katterjohn'; nmap-dev () insecure org
Subject: RE: nmap -P0 reboots Windows XP

Memory faults can be weird. Memtest86 is pretty good at detecting them -
but
not infallible - it even says so somewhere on the web page/docs.

I once had a stick of memory that tested fine on memtest86, ran windows
OK -
and the only fault I could ever find with it was that when using Winzip
to
zip up large files I got corrupted zip files - swap out that memory
stick
and winzip worked fine.

As memtest86 docs explain - memory can fail on specific patterns (of
data)
or even a specific sequence of specific patterns of data. Given that -
it's
perfectly possible that your memory fault won't show up under Linux and
only
shows up under windows when you run nmap. 

Regards,

Mike


-----Original Message-----
From: nmap-dev-bounces () insecure org
[mailto:nmap-dev-bounces () insecure org]
On Behalf Of Kris Katterjohn
Sent: 08 March 2006 01:03
To: nmap-dev () insecure org
Subject: Re: nmap -P0 reboots Windows XP


Kris Katterjohn wrote:

Bryan wrote:

If you disable auto-reboot on error, do you get a blue screen or

error

message?

Regards,

Bryan

On 3/7/06, Kris Katterjohn <kjak () ispwest com> wrote:


I didn't know you could do that. I googled it, turned it off and got a

BSOD:


IRQL_NOT_LESS_OR_EQUAL

So I googled that and saw that it sometimes comes up because of

hardware

failure. I installed some more RAM in that box last week, but haven't

had
any

problems with it. It's a lesser used box that dual-boots Windows and

Linux,

but both have been used for normal things and have worked fine.

I took the RAM out, tried nmap about 20 times and Windows didn't

reboot at

all. So the RAM was apparently the root of the problem, but

winpcap/nmap
was

the thing that caused it.

Now I'm off to see what I can do about this.....

Thanks a lot,
Kris Katterjohn


Okay, I know this probably isn't the place to discuss this, so if it
gets to
be too many emails on this or something, I'll take it off the list. Or,
Fyodor, just ask whenever and I'll do it and try to just email some
people.

I had a few people email me about memtest86 and memtest86+ (and thanks
again
to those of you who did). 0 errors.

I mentioned this to Daniel Roethlisberger (who emailed me about
memtest86+):

Both Windows and Linux see all the RAM. I had done tcpdump, nmap, and
plenty
of other things on Linux on that box after the RAM was installed and
before
the Windows problem. I didn't have any problems whatsoever. Windows
seemed
fine before winpcap/nmap was installed on there. I don't actually think
it
was
winpcap or nmap broke it, but something Windows did. Or: winpcap/nmap
did
something, but Windows messed it up. Does anybody have any idea what
Windows
would do or cause to mess up when the RAM seems fine and Linux has no
problem
with it?

New RAM:           okay
Linux + new RAM:   okay
Linux - new RAM:   okay
Windows + new RAM: bad
Windows - new RAM: okay

Thanks,
Kris


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

Current thread:

Re: nmap -P0 reboots Windows XP, (continued)
- Re: nmap -P0 reboots Windows XP Bryan (Mar 07)
  - Re: nmap -P0 reboots Windows XP Kris Katterjohn (Mar 07)
    - Re: nmap -P0 reboots Windows XP Kris Katterjohn (Mar 07)
    - Re: nmap -P0 reboots Windows XP Casey Williams (Mar 08)
    - Re: nmap -P0 reboots Windows XP Loris Degioanni (Mar 08)
    - Re: nmap -P0 reboots Windows XP Kris Katterjohn (Mar 08)
    - Re: nmap -P0 reboots Windows XP Bryan (Mar 08)
    - Re: nmap -P0 reboots Windows XP Casey Williams (Mar 08)
- RE: nmap -P0 reboots Windows XP Mike C (Mar 08)
- RE: nmap -P0 reboots Windows XP Sean Warnock (Mar 08)
- RE: nmap -P0 reboots Windows XP Sean Warnock (Mar 08)
  - Re: nmap -P0 reboots Windows XP Kris Katterjohn (Mar 08)