Nmap Development mailing list archives

[PATCH][NSE] tftp-enum Incorrect Closed Port


From: Rob Nicholls <robert () robnicholls co uk>
Date: Mon, 10 Sep 2012 16:30:24 +0100

I've been running a number of large scans with the tftp-enum script against hosts that don't have TFTP present and the script appears to incorrectly set the port to closed even when the host drops all of the packets that were sent to that UDP port. I'd prefer Nmap shows the port as open|filtered instead of marking the port as closed - do others agree with me/the attached patch?

A quick review of the script suggests that the port will be marked as closed whenever it doesn't get a valid response indicating that a file was found or not found. I think this means that the script failing to bind would result in a REQUEST_ERROR that would cause check_open_tftp to return false, which would result in the port being marked as closed (this really doesn't sound right to me). When the bind is successful and the response times out ("NSE: Error in receive TIMEOUT") this also results in a REQUEST_ERROR causing the port to be marked as closed (this is what I'm actually seeing).

I assume we only want the script to specifically set the port as open or closed if we get some kind of response? The patch doesn't attempt to detect a bad response (i.e. something other than FILE_NOT_FOUND or FILE_FOUND) and mark the port as open (is this desirable?), but it should prevent the port being marked closed when it's filtered. I can work on a more complete patch sometime if people want it to mark the port as open if we get some sort of invalid/unexpected response?

Rob

Attachment: tftp-enum-remove-script-set-closed.patch
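The decision the post argues for, as an added standalone illustration that is neither the tftp-enum script's own code nor the attached patch (which the archive does not include): a TFTP reply (DATA or ERROR per RFC 1350) is the only outcome that says anything about the target port, whereas a receive timeout or a local bind failure yields no evidence and should leave Nmap's own open|filtered verdict alone. The `classify` function, its outcome labels and the sample datagrams are constructed for this example; treating an unexpected-but-present reply as "open" goes one step beyond the patch, as the follow-up Rob floats in his last paragraph.

```python
"""Turn a TFTP probe outcome into port-state evidence (added example).

Only a datagram that actually came back from the target is evidence about
the port; a timeout or a local socket error is not, so those return None
(meaning: do not override Nmap's open|filtered) instead of 'closed'.
"""
import struct

# Opcodes and error code from RFC 1350
OP_RRQ, OP_DATA, OP_ERROR = 1, 3, 5
ERR_FILE_NOT_FOUND = 1


def build_rrq(filename, mode="octet"):
    """Read Request: opcode 1, filename, NUL, mode, NUL (the probe a scanner sends)."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\x00" + mode.encode() + b"\x00"


def parse_reply(data):
    """Parse a server datagram.

    Returns ("data", block) for a DATA packet, ("error", code, message) for an
    ERROR packet, or None when the bytes are not a recognisable TFTP reply.
    """
    if len(data) < 4:
        return None
    opcode, field = struct.unpack("!HH", data[:4])
    if opcode == OP_DATA:
        return ("data", field)
    if opcode == OP_ERROR:
        message = data[4:].split(b"\x00", 1)[0].decode("ascii", errors="replace")
        return ("error", field, message)
    return None


def classify(outcome, payload=b""):
    """Map a probe outcome to (port_state, detail).

    outcome is one of the constructed labels "reply", "timeout" or "bind_error".
    port_state is "open" only when the target answered; otherwise None, i.e.
    leave the port as Nmap already classified it (open|filtered).
    """
    if outcome == "timeout":
        return (None, "no response; target may be dropping the probe")
    if outcome == "bind_error":
        return (None, "local socket error; says nothing about the target")
    parsed = parse_reply(payload)
    if parsed is None:
        # Something answered on the port even if it is not well-formed TFTP.
        return ("open", "unexpected reply")
    if parsed[0] == "data":
        return ("open", "FILE_FOUND")
    if parsed[1] == ERR_FILE_NOT_FOUND:
        return ("open", "FILE_NOT_FOUND")
    return ("open", "TFTP error %d: %s" % (parsed[1], parsed[2]))


# Constructed sample datagrams, not captured traffic
SAMPLE_NOT_FOUND = struct.pack("!HH", OP_ERROR, ERR_FILE_NOT_FOUND) + b"File not found\x00"
SAMPLE_DATA = struct.pack("!HH", OP_DATA, 1) + b"hostname router1\n"
SAMPLE_GARBAGE = b"\x00\x09junk"


def probe_results():
    """Run the classifier over every outcome the post discusses."""
    return {
        "found": classify("reply", SAMPLE_DATA),
        "not_found": classify("reply", SAMPLE_NOT_FOUND),
        "garbage": classify("reply", SAMPLE_GARBAGE),
        "timeout": classify("timeout"),
        "bind_error": classify("bind_error"),
    }


if __name__ == "__main__":
    for name, (state, detail) in probe_results().items():
        print("%-10s -> state=%s (%s)" % (name, state or "unchanged", detail))
```

Only the three "reply" rows produce a state; a script following this table would call its set-port-state equivalent for those and simply return for the other two, which is the behaviour the post asks for.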

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
