Nmap Development mailing list archives
Re: Strange errors with nmap 4.68
From: Nathan <nathan.stocks () gmail com>
Date: Thu, 11 Dec 2008 13:08:01 -0700
On Thu, Dec 11, 2008 at 12:37 PM, Nathan <nathan.stocks () gmail com> wrote:
> On Thu, Dec 11, 2008 at 1:39 PM, Ron <ron () skullsecurity net> wrote:
>> Nathan wrote:
>>> From my server[1] that I'm running nmap[2] on I'm seeing lots of error messages like the one below. Can someone help me understand what's going on? If this error is harmless, then I'll ignore it, but if not then I'd like to fix the problem on my server that's causing these errors. The task I'm trying to achieve is to periodically scan all the tcp ports on a bunch of servers to make sure new services don't get opened, and the amount of servers has increased lately, which may or may not be part of the cause of the error. I've tried googling the error, but that's just turned up a bunch of posts of nmap output that happen to contain the error, but the posts are discussing something else unrelated to the error.
>>>
>>> ----
>>> sendto in send_ip_packet: sendto(6, packet, 44, 0, A.B.C.D, 16) => Operation not permitted
>>> Offending packet: TCP X.Y.Z.Z:57622 > A.B.C.D:36343 S ttl=38 id=64350 iplen=44 seq=3884235946 win=3072 <mss 1460>
>>> ----
>>>
>>> [1] Linux myhostname 2.6.23-gentoo-r9 #2 SMP Wed Jul 9 14:34:31 MDT 2008 i686 Intel(R) Xeon(R) CPU X5355 @ 2.66GHz GenuineIntel GNU/Linux
>>> [2] /usr/bin/nmap -sS -sV -T4 -p 1-65535 -oG myoutputfile -oX - -P0 A.B.C.D
>>>
>>> ~ Nathan
>>
>> I think I've seen that error come up when I had a firewall running that denied me permission to send out a UDP packet. Is iptables running on the machine you're scanning from?
>>
>> Ron
>
> Yes! iptables is running. But it's pretty bare. I'm dropping all inbound packets destined for ports 1-10,240, with an extra rule to allow me to SSH in from my office. But if I'm reading the error right, it's complaining about a packet from port 57622 on the server to 36343 on the target, neither of which are in the 1-10240 range (???)
>
> Here's the output if I run "iptables-save"
>
> # Generated by iptables-save v1.4.0 on Thu Dec 11 12:31:44 2008
> *filter
> :INPUT ACCEPT [1670029810:498255753315]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [4416085503:424141701772]
> -A INPUT -s [my-office-ip-address] -p tcp -m tcp --dport 22 -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 1:10240 -j DROP
> COMMIT
> # Completed on Thu Dec 11 12:31:44 2008
>
> ~ Nathan

Oh! I forgot that we tried adding some extra options to try to speed things up in some cases (where the sites have high bandwidth connections) and trying to get the scans to work at all (with some of our sites that are on high-latency satellite connections that like to report every port as open). I bet that that's got a lot (everything?) to do with it!

I have different hosts set to use different options below. I'm guessing the ones starting with -T5 are probably causing the errors, so I'll try cutting those out.

-T2 --max-retries 2
-T4 --max-retries 0
-T4 --max-retries 5
-T5 -r --min-rtt-timeout 1500 --host-timeout 720m -P0
-T5 -r --min-rtt-timeout 1500 --max-retries 10 --host-timeout 360m -P0

~ Nathan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
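
One way to check the guess in the message above is to tally the "Operation not permitted" send failures per option set. The following is an added example, not part of the original post and not Nmap code: it parses the two-line error format quoted in the thread. The addresses and the host-to-option mapping are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Both patterns follow the two-line error format quoted in the message above.
SENDTO_RE = re.compile(
    r"sendto in send_ip_packet: sendto\(\d+, packet, \d+, \d+, "
    r"(?P<dst>[^,]+), \d+\) => (?P<err>.+)$")
PACKET_RE = re.compile(
    r"Offending packet: TCP \S+:\d+ > (?P<dst>\S+):(?P<dport>\d+) (?P<flags>\S+) ")

def parse_send_failures(lines):
    """Pair each sendto failure with the 'Offending packet' line that follows it."""
    failures, pending = [], None
    for raw in lines:
        line = raw.strip()
        m = SENDTO_RE.search(line)
        if m:
            pending = {"dst": m["dst"], "error": m["err"], "dport": None}
            failures.append(pending)
            continue
        m = PACKET_RE.search(line)
        if m and pending and m["dst"] == pending["dst"]:
            pending["dport"] = int(m["dport"])
        pending = None  # any other line ends the pairing window
    return failures

def failures_by_profile(failures, profile_of):
    """Count failures per option set; profile_of maps target address -> options."""
    return Counter(profile_of.get(f["dst"], "unknown") for f in failures)

# Constructed sample: documentation addresses stand in for the masked
# A.B.C.D / X.Y.Z.Z values; which host uses which option set is assumed.
SAMPLE_STDERR = """\
sendto in send_ip_packet: sendto(6, packet, 44, 0, 192.0.2.10, 16) => Operation not permitted
Offending packet: TCP 198.51.100.5:57622 > 192.0.2.10:36343 S ttl=38 id=64350 iplen=44 seq=3884235946 win=3072 <mss 1460>
sendto in send_ip_packet: sendto(6, packet, 44, 0, 192.0.2.10, 16) => Operation not permitted
Offending packet: TCP 198.51.100.5:57622 > 192.0.2.10:36344 S ttl=51 id=1203 iplen=44 seq=3884235946 win=1024 <mss 1460>
sendto in send_ip_packet: sendto(6, packet, 44, 0, 192.0.2.30, 16) => Operation not permitted
Offending packet: TCP 198.51.100.5:40211 > 192.0.2.30:8081 S ttl=44 id=991 iplen=44 seq=17 win=2048 <mss 1460>
"""
PROFILE_OF = {
    "192.0.2.10": "-T5 -r --min-rtt-timeout 1500 --host-timeout 720m -P0",
    "192.0.2.20": "-T2 --max-retries 2",
    "192.0.2.30": "-T4 --max-retries 0",
}

if __name__ == "__main__":
    found = parse_send_failures(SAMPLE_STDERR.splitlines())
    for profile, count in failures_by_profile(found, PROFILE_OF).most_common():
        print(f"{count:4d}  {profile}")
```

Feed it the stderr captured from each scheduled scan; the counts in the sample are constructed and say nothing about which option set actually triggers the error.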