Nmap Development mailing list archives

NSE: odd output, testing, etc


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 17 Dec 2008 21:20:17 +0000


Hi Patrick, all,

I've recently been helping Ron with extensive testing of his MS RPC/SMB
scripts and have uncovered some strange output and other NSE oddities.
I'll describe a few here but I think the best way to get at some of
these is with back-and-forth email/IM discussion and testing to help
locate and fix problems.

Here are a few things I think are issues:

* NSE is overly aggressive with parallelism.  It isn't unusual for NSE
  to report more than 2000 active NSE scripts.  When this happens Lua
  seems to thrash and NSE scanning slows to a crawl.  I think this has
  the ability to trigger the "lock, (null), <int>, tcp, ERROR" errors
  described below.

* Certain script/Lua problems appear to corrupt the Lua state, causing
  the NSE scan to fail.  With David's patch to keep the same Lua state
  so that the registry is maintained between host groups this appears to
  propagate corruption problems from one NSE scan to the next.  Much
  more testing is needed to confirm/troubleshoot/fix this.

* Under certain circumstances the NSE Runlevel computation appears to
  have a divide-by-zero bug causing it to output "SCRIPT ENGINE: Runlevel:
  inf".

* There seems to be some sort of script deadlocking detection that can
  output "SCRIPT ENGINE: lock".  It isn't clear what circumstances are
  required to cause this but I'm not convinced it is always a real
  deadlock.

* It seems a script with a handle to a mutex won't release it if the
  script crashes (causing a deadlock).

* Sometimes the script engine will print a series of "SCRIPT ENGINE:
  (null)" right before the engine completes.

* Sometimes a script will exit and the only output is "SCRIPT ENGINE:
  tcp".

* Sometimes a script will exit and the only output is "SCRIPT ENGINE:
  ERROR".

* Sometimes a script will exit and the only output is "SCRIPT ENGINE:
  <int>" where <int> is typically a small number.  One such example is
  "SCRIPT ENGINE: 4".


Ron's SMB scripts seem to be a great starting place for finding these
sorts of errors.  I'd be willing to run special test scripts against
tens of thousands of hosts or other things that might help track these
down.

Brandon



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
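The mutex item above (a script that crashes while holding an NSE mutex strands the lock for every other script waiting on it) is the kind of failure a script author can defend against. The following is an added example, not code from the post or from the Nmap project: an NSE script skeleton that wraps its body in pcall so the nmap.mutex is always released, using the modern `require` form of the NSE API. The mutex name, the `do_work` body and the port rule are hypothetical.

```lua
-- Added example (not from the original post or the Nmap project): an NSE
-- action that holds an nmap.mutex and guarantees release even when the
-- body raises a Lua error, so one crashed script cannot strand the lock.
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = "Demonstrates releasing an NSE mutex when the script body errors."
categories = {"safe"}

-- Hypothetical port rule; any rule would do for the pattern shown here.
portrule = shortport.port_or_service(445, "microsoft-ds")

-- Hypothetical body that does the real per-host work and may raise an error.
-- Constructed failure: a bad table index, the sort of bug that would otherwise
-- leave the mutex locked forever.
local function do_work(host, port)
  local results = nil
  return "status: " .. results.state  -- raises "attempt to index a nil value"
end

action = function(host, port)
  -- One mutex per target host (hypothetical key), so scripts aimed at the same
  -- host serialise their work.
  local mutex = nmap.mutex("example-serialised-work-" .. host.ip)
  mutex("lock")
  -- pcall traps any error raised by the body so the "done" below always runs.
  local ok, result = pcall(do_work, host, port)
  mutex("done")
  if not ok then
    stdnse.debug1("%s: script body failed, mutex released: %s",
                  SCRIPT_NAME, tostring(result))
    return nil
  end
  return result
end
```

Without the pcall, the error would unwind straight out of `action` and the "done" call would never execute, which matches the deadlock symptom reported above.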