Nmap Development mailing list archives
Re: Consistent nmap hang scanning for Conficker
From: shorejsi2 () mmm com
Date: Thu, 2 Apr 2009 14:32:14 -0500
Ron;

This was an old post that somehow appeared from the past. This was the smb.lua script problem before I chased to a definitive cause.

-=[ Steve ]=-

Ron <ron () skullsecurity net>
04/02/2009 02:28 PM
To shorejsi2 () mmm com
cc nmap-dev () insecure org
Subject Re: Consistent nmap hang scanning for Conficker

shorejsi2 () mmm com wrote:
I have been having problems using Nmap 4.85BETA6 to scan for Conficker infections. I have been able to narrow this down to a consistent set of IPs which always results in a hard loop (nmap at 100% CPU). The output looks like this:

$ nmap -T4 -p139,445 -v -v --script=smb-check-vulns --script-args safe=1 a.b.50.32/28

Starting Nmap 4.85BETA6 ( http://nmap.org ) at 2009-04-02 05:02 CDT
Initiating Ping Scan at 05:02
Scanning 16 hosts [1 port/host]
Completed Ping Scan at 05:02, 0.09s elapsed (16 total hosts)
Initiating Parallel DNS resolution of 16 hosts. at 05:02
Completed Parallel DNS resolution of 16 hosts. at 05:02, 0.00s elapsed
Initiating Connect Scan at 05:02
Scanning 16 hosts [2 ports/host]
Discovered open port 139/tcp on a.b.50.35
Discovered open port 139/tcp on a.b.50.36
Discovered open port 139/tcp on a.b.50.39
Discovered open port 139/tcp on a.b.50.40
Discovered open port 139/tcp on a.b.50.45
Discovered open port 139/tcp on a.b.50.38
Discovered open port 139/tcp on a.b.50.37
Discovered open port 139/tcp on a.b.50.32
Discovered open port 139/tcp on a.b.50.41
Discovered open port 139/tcp on a.b.50.42
Discovered open port 139/tcp on a.b.50.44
Discovered open port 139/tcp on a.b.50.43
Discovered open port 139/tcp on a.b.50.47
Completed Connect Scan at 05:02, 1.48s elapsed (32 total ports)
NSE: Initiating script scanning.
Initiating NSE at 05:02
NSE Timing: About 84.62% done; ETC: 05:03 (0:00:06 remaining)
NSE Timing: About 84.62% done; ETC: 05:03 (0:00:11 remaining)
NSE Timing: About 84.62% done; ETC: 05:04 (0:00:17 remaining)
NSE Timing: About 84.62% done; ETC: 05:04 (0:00:22 remaining)
NSE Timing: About 84.62% done; ETC: 05:05 (0:00:27 remaining)
NSE Timing: About 84.62% done; ETC: 05:06 (0:00:33 remaining)
NSE Timing: About 84.62% done; ETC: 05:06 (0:00:38 remaining)
NSE Timing: About 84.62% done; ETC: 05:07 (0:00:44 remaining)
NSE Timing: About 84.62% done; ETC: 05:07 (0:00:49 remaining)
NSE Timing: About 84.62% done; ETC: 05:08 (0:00:55 remaining)

What can I contribute that will help understand this problem?

-=[ Steve ]=-
Hey Steve,

Can you try running it with -d and maybe even -d2, and seeing where it gets stuck? Odds are it's erroring on one of the hosts and the mutex isn't being freed properly.

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org