Nmap Development mailing list archives
Re: Possible bug in ./scripts/stun-version.nse script
From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 11 Aug 2012 22:18:45 +0200
On Fri, Aug 10, 2012 at 3:12 PM, Szucs, Laszlo (NSN - HU/Budapest) <laszlo.szucs () nsn com> wrote:

Hi Nmap developers!

We noticed a strange behaviour of nmap since version 6.00 (6.01 is also affected). We were using nmap on Windows 7. When we have a target where all UDP ports are filtered and we port scan it with version detection enabled, it will report udp port 3478 open. Without version detection it is found open|filtered with a reason no-response (which is the correct expected result).

We suspect that the error is in the stun-version.nse script (some other stun-related scripts may be affected as well, like stun-info.nse). According to the changelog, stun NSE scripts were added in 6.0, so it is highly probable that there is some mistake.

http://nmap.org/svn/scripts/stun-version.nse

Keep up the good work!

Best regards,
Laszlo Szucs

Here is our result why we think the error is in that script:

Port scan without version detection:

$ nmap -sU --reason -p 3478 *.*.*.*
Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-10 14:00 ope
Nmap scan report for **** (*.*.*.*)
Host is up, received echo-reply (0.12s latency).
PORT     STATE         SERVICE REASON
3478/udp open|filtered unknown no-response
Nmap done: 1 IP address (1 host up) scanned in 2.23 seconds

Port scan with version detection:

$ nmap -sUV --reason -p 3478 *.*.*.*
Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-10 12:26 ope
Nmap scan report for **** (*.*.*.*)
Host is up, received echo-reply (0.062s latency).
PORT     STATE SERVICE REASON     VERSION
3478/udp open  stun    script-set
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 95.39 seconds

Then I removed stun-version.nse from the scripts folder (disabled it :-)) and re-ran the scan:

$ nmap -sUV --reason -p 3478 *.*.*.*
Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-10 13:32 ope
NSE: Warning: Could not load 'stun-version.nse': no path to file/directory: stun-version.nse
Stats: 0:01:15 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 0.00% done
Packet Tracing disabled.
Nmap scan report for **** (*.*.*.*)
Host is up, received echo-reply (0.062s latency).
PORT     STATE         SERVICE REASON      VERSION
3478/udp open|filtered unknown no-response
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 85.27 seconds

-- end of message --
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Thanks for reporting this! It was recently reported by another user and has been corrected in the SVN version of Nmap.

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
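
Added example, not part of the thread and not Nmap project code: a small check that compares `--reason` output from a plain UDP scan and a `-sUV` scan and lists ports whose "open" state carries the reason script-set after the plain scan saw no response, which is the pattern reported above. The function names and the sample scans (placeholder address 192.0.2.10) are constructed for illustration.

```python
import re

# Constructed samples modelled on the thread's output; 192.0.2.10 is a placeholder.
PLAIN_SCAN = """\
Nmap scan report for 192.0.2.10
PORT     STATE         SERVICE REASON
3478/udp open|filtered unknown no-response
"""
VERSION_SCAN = """\
Nmap scan report for 192.0.2.10
PORT     STATE SERVICE REASON     VERSION
3478/udp open  stun    script-set
"""
SCRIPT_REMOVED_SCAN = """\
Nmap scan report for 192.0.2.10
PORT     STATE         SERVICE REASON      VERSION
3478/udp open|filtered unknown no-response
"""

# One port row of `nmap --reason` output: PORT STATE SERVICE REASON [VERSION]
PORT_ROW = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+\S+\s+(?P<reason>\S+)"
)

def parse_ports(output):
    """Map 'port/proto' -> (state, reason) for every port row in the scan text."""
    ports = {}
    for line in output.splitlines():
        m = PORT_ROW.match(line.strip())
        if m:
            ports[f"{m['port']}/{m['proto']}"] = (m["state"], m["reason"])
    return ports

def script_promoted(plain_scan, version_scan):
    """Ports left open|filtered/no-response by the plain scan that the version
    scan reports as open with reason script-set, i.e. the open state was set
    by an NSE script rather than by the port scan. Worth re-checking by hand."""
    before, after = parse_ports(plain_scan), parse_ports(version_scan)
    return sorted(
        key for key, (state, reason) in after.items()
        if (state, reason) == ("open", "script-set")
        and before.get(key) == ("open|filtered", "no-response")
    )

if __name__ == "__main__":
    print(script_promoted(PLAIN_SCAN, VERSION_SCAN))
```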