Nmap Development mailing list archives
Re: nmap crashes my appliance
From: "Hans Nilsson" <hasse_gg () ftml net>
Date: Tue, 12 Dec 2006 13:59:53 -1100
Maybe you could try scanning the ports consecutively (-r) and looking at exactly when the crash occurs? Or have you determined that? You could also try slowing down the scan. On Tue, 12 Dec 2006 22:07:58 +0000, "DePriest, Jason R." <jrdepriest () gmail com> said:
On 12/11/06, Hans Nilsson wrote:Well you could try deterimining why it crashes. Does it only crash when scanning above port 34322 for example? And then customize your scan to that.This is a Symantec Firewall/VPN 200 running firmware V1 Rel 8F. The ports that are open on the LAN side are 80, 8088, and 34952. With default logging enabled, the firewall logs a 'SYN Floods attack!!!' for each of the three open ports when nmap scans them. no crash: nmap -sS -p- 192.168.235.1 no crash: nmap -sSV -p- 192.168.235.1 crash: nmap -sSV -O -p- 192.168.235.1 WARNING: RST from 192.168.1.235.1 port 80 -- is this port really open? WARNING: RST from port 80 -- is this port really open? crash: nmap -sSV -O -p1-79,81-65535 192.168.235.1 WARNING: RST from 192.168.235.1 port 8088 -- is this port really open? So it's OS detection causing me grief. crash: nmap -sSV -O1 -p- 192.168.235.1 no specific warnings or errors crash: nmap -sSV -O2 -p- 192.168.231.1 WARNING: RST from 192.168.235.1 port 80 -- is this port really open? How does nmap respond if, while performing OS detection, the target becomes unresponsive? Does it continue to hammer it or does it stop and use what it already has? I have tried running it debugging on, but it still finishes so fast that I cannot tell which check was running when the firewall drops off. The hardware is still up, you just can no longer connect to it or connect through it. If nmap stops running checks when the device fails, then I can figure out which check it was, otherwise, I suppose I would need to understand which checks generate what sort of traffic and see what the responses are. For the sake of argument, would the output of nmap -sSV -O -d --packet-trace -p80,8088,34952 192.168.235.1 be useful. I'd want to restrict the ports to the ones that I know are open to keep the logfile from being too big. -Jason _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
-- Hans Nilsson hasse_gg () ftml net -- http://www.fastmail.fm - The professional email service _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- nmap crashes my appliance DePriest, Jason R. (Dec 11)
- Re: nmap crashes my appliance Hans Nilsson (Dec 11)
- Re: nmap crashes my appliance DePriest, Jason R. (Dec 12)
- Re: nmap crashes my appliance Hans Nilsson (Dec 12)
- Re: nmap crashes my appliance DePriest, Jason R. (Dec 12)
- Re: nmap crashes my appliance Hans Nilsson (Dec 11)