Nmap Development mailing list archives
Re: NMAP crash -- more
From: starlight.2012q3 () binnacle cx
Date: Thu, 13 Sep 2012 16:44:42 -0400
At 01:29 PM 9/13/2012 -0700, David Fifield wrote:
I think this is unrelated to the problem of exceeding the socket limit. OS detection seems to ignore -S the same way it ignores -g and other options. See http://nmap.org/book/man-bypass-firewalls-ids.html. Ignoring -S is probably a bug.
Agree.
But I think you will see the same during OS detection against any host, not just this one that is exceeding the socket limit.
It's more nuanced than that. Same command works with other hosts. Thinking about at I believe that the problem is the NSE engine creating a socket per script/probe and leaving each open forever if there is no reply. Since -S is being ignored the NSE traffic is going out through the normal ASA firewall here, nothing comes back for much of the traffic. Ran it a few more times and it seems that -S is sometimes ignored and sometimes not on a random basis. Runs fine when the traffic goes in the intended direction, socket count skyrockets and 'nmap' crashes when it does not. Two bugs here I'd say. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NMAP crash -- more starlight . 2012q3 (Sep 13)
- <Possible follow-ups>
- Re: NMAP crash -- more starlight . 2012q3 (Sep 13)
- NMAP crash -- more starlight . 2012q3 (Sep 13)
- Re: NMAP crash -- more David Fifield (Sep 13)
- Re: NMAP crash -- more starlight . 2012q3 (Sep 13)
- Re: NMAP crash -- more David Fifield (Sep 13)
- Re: NMAP crash -- more starlight . 2012q3 (Sep 13)
- Re: NMAP crash -- more David Fifield (Sep 13)
- Re: NMAP crash -- more Fyodor (Sep 17)
- Re: NMAP crash -- more David Fifield (Sep 18)
- Re: NMAP crash -- more David Fifield (Sep 26)
- Re: NMAP crash -- more starlight . 2012q3 (Sep 26)
- Re: NMAP crash -- more David Fifield (Sep 26)