Re: [PATCH][NSE] tftp-enum Incorrect Closed Port

[David Fifield <david () bamsoftware com>]

On Mon, Sep 10, 2012 at 04:30:24PM +0100, Rob Nicholls wrote:
> I've been running a number of large scans with the tftp-enum script
> against hosts that don't have TFTP present and the script appears to
> incorrectly set the port to closed even when the host drops all of
> the packets that were sent to that UDP port. I'd prefer Nmap shows
> the port as open|filtered instead of marking the port as closed - do
> others agree with me/the attached patch?
>
> A quick review of the script suggests that the port will be marked
> as closed whenever it doesn't get a valid response indicating that a
> file was found or not found. I think this means that the script
> failing to bind would result in a REQUEST_ERROR that would cause
> check_open_tftp to return false, which would result in the port
> being marked as closed (this really doesn't sound right to me). When
> the bind is succesful and the response times out ("NSE: Error in
> receive TIMEOUT") this also results in a REQUEST_ERROR causing the
> port to be marked as closed (this is what I'm actually seeing).
>
> I assume we only want the script to specifically set the port as
> open or closed if we get some kind of response? The patch doesn't
> attempt to detect a bad response (i.e. something other than
> FILE_NOT_FOUND or FILE_FOUND) and mark the port as open (is this
> desirable?), but it should prevent the port being marked closed when
> it's filtered. I can work on a more complete patch sometime if
> people want it to mark the port as open if we get some sort of
> invalid/unexpected response?

What you say sounds right to me. You can commit the patch.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/