Nmap Development mailing list archives
FW: NMap crash with -sU
From: "Orgle" <orgle () charter net>
Date: Sat, 5 May 2007 21:34:37 -0500
-----Original Message----- From: Orgle [mailto:orgle () charter net] Sent: Friday, May 04, 2007 10:59 PM To: 'Gianluca Varenni' Subject: RE: NMap crash with -sU Hi: I completely uninstalled ZoneAlarm (not just shut it down). Ran the scan with the Intel NIC (onboard NIC), and it crashed again. After reinstalling ZoneAlarm, in the general tab, it's got Network Monitor Driver in there, along with TCP/IP, QoS, Client for Microsoft networks, & file & print sharing. So, the Zone Alarm binding must be hidden. Tried it again, and with the Intel NIC, it crashed, with the 3Com running (and with ZoneAlarm running) the scan went through. John -----Original Message----- From: Gianluca Varenni [mailto:gianluca.varenni () gmail com] Sent: Friday, May 04, 2007 7:34 PM To: Orgle Subject: Re: NMap crash with -sU The only way to disable it is to unbind the zonealarm IM driver from that card. Disabling it at boot or disabling the service won't probably help, as the IM driver is still there in the protocol stack. If they don't hide their IM driver, you can unbind the zonealarm from a specific adapter by opening the properties of a network adapter, in the "general" tab there's a list of what's bound to your adapter. You should have an item with a name like "Zone labs bla bla bla" or similar. Just uncheck that item. Hope it helps GV ----- Original Message ----- From: "Orgle" <orgle () charter net> To: "'Gianluca Varenni'" <gianluca.varenni () gmail com> Sent: Friday, May 04, 2007 5:18 PM Subject: RE: NMap crash with -sU
I will take the Zonealarm out of the startup, and disable the service, and see if it changes things. John -----Original Message----- From: Gianluca Varenni [mailto:gianluca.varenni () gmail com] Sent: Friday, May 04, 2007 5:24 PM To: Orgle Subject: Re: NMap crash with -sU A quick look at both the minidumps shows two drivers involved in the crash, the intel miniport driver and the zonelabs/zonealarm one (which is *always* there, even if you disable it). I dont want to say that the intel drivers are perfect, but i would also suspect a problem with the zonelabs one. It won't be the first time I see random crashes due to bugs in the drivers used by these personal firewalls. As much as it can also be some remote bug in WinPcap corrupting the memory and causing a later crash (although I frankly doubt so). Ciao GV ----- Original Message ----- From: "Orgle" <orgle () charter net> To: "'Gianluca Varenni'" <gianluca.varenni () gmail com> Sent: Friday, May 04, 2007 2:26 PM Subject: RE: NMap crash with -sUHere's a minidump from today - Thanks, John -----Original Message----- From: Gianluca Varenni [mailto:gianluca.varenni () gmail com] Sent: Friday, May 04, 2007 4:15 PM To: Orgle; 'Brandon Enright' Cc: nmap-dev () insecure org Subject: Re: NMap crash with -sU John, do you have a crash dump/minidump for the Intel card? I would be interested to just have a look at it and make sure it's not a WinPcap issue. Have a nice day Gianluca Varenni WinPcap Team ----- Original Message ----- From: "Orgle" <orgle () charter net> To: "'Brandon Enright'" <bmenrigh () ucsd edu> Cc: <nmap-dev () insecure org> Sent: Friday, May 04, 2007 6:25 AM Subject: RE: NMap crash with -sUThanks Brandon. Turned off automatic reboot, got the BSOD, and the file with the problem was e1e5132.sys, which is part of the Intel Pro/1000 PM software. Went to Intel's site, downloaded latest software for it (after having to look all over the place), loaded, and retested - same BSOD, with same .sys file. Driver for the card was 9.3.28.0, and after loading Intel's latest software is 9.7.34. I've got a 3Com 3C905 NIC also installed in the system. Disabled the Intel card, enabled the 3Com, gave it the same IP, ran the scan with no problems - even with ZoneAlarm and everything else running. So, problem looks to be with the Intel NIC card. Good old 3Com - their cards always seem to work ;-) John -----Original Message----- From: Brandon Enright [mailto:bmenrigh () ucsd edu] Sent: Friday, May 04, 2007 1:22 AM To: Orgle Cc: nmap-dev () insecure org; bmenrigh () ucsd edu Subject: Re: NMap crash with -sU On Thu, 3 May 2007 21:46:09 -0500 plus or minus some time "Orgle" <orgle () charter net> wrote:Running NMap 4.20 on a XP SP2 box, with all the latest Microsoft patches installed - on a new Gateway desktop PC (business class machine) When I run a nmap -vv -sU -P0 68.188.xxx.xxx the command starts to run, then my PC crashes - reboots, no BSOD. After reboot, get a Windows has recovered from a serious error, and back from Microsoft get the following response on the trouble. Have run some other queries without a problem, just (so far) had the crash when using the -sU option. Use ZoneAlarm PC firewall software also (turned ZoneAlarm off, same problem.)According to the Microsoft page you were receiving a stop error (BSOD). It probably just blinked by so fast your screen never drew it. Go ahead and disable the automatic reboot on error so that you can read the BSOD. Instructions are available at http://pcsupport.about.com/od/tipstricks/ht/disautorestart.htm Next time you get the BSOD record the stop error, and if provided, the sys file listed at the bottom that the error occurred in. Also, if you haven't do so already, install WinPCAP 4.0. This error could be anything from a bug in Nmap to a bug in WinPCAP, Windows, your NIC's Driver, ZoneAlarm or some odd interaction of various bugs between all five.PC is 4 months old with 3G of memory, and is a Duo2 processor, so lots of horsepower. Any ideas or have you seen this one before? The Ethernet port is on-board the motherboard, and is an Intel Pro/1000 PM Ethernet chip setup. Downloaded a BIOS update, same problem. No NIC driver updates seem available. The error URL is
http://wer.microsoft.com/responses/Response.aspx/10/en-us/5.1.2600.2.0001010
0.2.0?SGD=47fcb265-c480-4f8e-852e-a2b6bf373430 Thanks, JohnIf the BSOD tells you what sys file caused the error it should be fairly easy to track down. If it doesn't, I'd start with uninstalling ZoneAlarm (turning it off doesn't unload the driver, it simply makes it try to ignore traffic). It should be possible to figure out where the error is occurring bu it may be trial and error to do so. Brandon _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- NMap crash with -sU Orgle (May 03)
- Re: NMap crash with -sU Brandon Enright (May 03)
- RE: NMap crash with -sU Orgle (May 04)
- Re: NMap crash with -sU Gianluca Varenni (May 04)
- RE: NMap crash with -sU Orgle (May 04)
- <Possible follow-ups>
- FW: NMap crash with -sU Orgle (May 05)
- Re: NMap crash with -sU Gianluca Varenni (May 07)
- Re: NMap crash with -sU Brandon Enright (May 03)