Nmap Development mailing list archives
NMAP crash
From: starlight.2012q3 () binnacle cx
Date: Thu, 13 Sep 2012 03:08:32 -0400
Hello,

Came upon a reproducible crash that might be of interest. Running SVN 29768.

Command is

    nmap -e eth4 -S 172.29.86.4 --send-eth \
      -T4 -Pn -O -sV -sC 58.218.199.227

also happens with target 58.218.199.250

The "-e eth4 -S 172.29.86.4" options are likely not necessary. Were added here to invoke an alternate 'iproute2' source-address selected default route.

On first scan, it always produces the attached result. If the scan is re-run immediately it runs normally to completion. After a few minutes the crash can be reproduced again.

Observed /proc/<pid>/fd and did see that commencing with the "is this port really open?" message a huge number of sockets were opened until the limit of 1024 was hit. Increased to 'ulimit -n 10240' and it consumed all of those as well, then crashed.

Running 64-bit 'nmap' under an old 2.6.27.25-78.2.56.fc9.x86_64 kernel. 'nmap' built with 'gcc' version 4.7.1.

    configure --without-zenmap --with-libpcap=/usr/local

Where 'libpcap' is version 1.3.0.

The two China 58.218.199.x IPs attempted to exploit the web-server here, which is taken as tacit permission to scan them with the aggressive parameters. Evidence attached.
Attachment: hack_attempt.txt
Attachment: nmap_crash.txt
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
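
The /proc/<pid>/fd observation described in the report (sockets accumulating until the 'ulimit -n' value is reached) can be scripted; this is an added example, not part of the original post and not Nmap code. The function names and the PROC_ROOT override are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post or from Nmap.
# PROC_ROOT is a hypothetical override so a fixture directory can stand in for /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Number of descriptors the process holds (every entry in fd/ is a symlink).
count_fds() {
    n=0
    for fd in "$PROC_ROOT/$1/fd"/*; do
        [ -L "$fd" ] || continue        # also skips the literal '*' of an empty dir
        n=$((n + 1))
    done
    echo "$n"
}

# Number of those descriptors that are sockets (link target "socket:[inode]").
count_sockets() {
    n=0
    for fd in "$PROC_ROOT/$1/fd"/*; do
        [ -L "$fd" ] || continue
        case "$(readlink "$fd")" in socket:*) n=$((n + 1)) ;; esac
    done
    echo "$n"
}

# Soft "Max open files" limit, i.e. what 'ulimit -n' set for the process.
soft_nofile() {
    awk '/^Max open files/ { print $4 }' "$PROC_ROOT/$1/limits"
}

# Print "fds sockets limit"; return 1 once usage reaches threshold percent
# (default 90) of the soft limit.
fd_pressure() {
    pid=$1; threshold=${2:-90}
    total=$(count_fds "$pid"); socks=$(count_sockets "$pid"); limit=$(soft_nofile "$pid")
    echo "$total $socks $limit"
    [ "$limit" = "unlimited" ] && return 0
    [ $((total * 100)) -lt $((limit * threshold)) ]
}

# Poll once per interval (default 1 s) until the process exits.
watch_fds() {
    while [ -d "$PROC_ROOT/$1" ]; do
        fd_pressure "$1" "${3:-90}" || echo "pid $1 is near its descriptor limit" >&2
        sleep "${2:-1}"
    done
}
```

Source the file and call `watch_fds <pid>` as the user that owns the process (or as root), since /proc/<pid>/fd is not readable by other users.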