Nmap Development mailing list archives

Re: NMAP crash -- more


From: starlight.2012q3 () binnacle cx
Date: Thu, 13 Sep 2012 16:44:42 -0400

At 01:29 PM 9/13/2012 -0700, David Fifield wrote:
> I think this is unrelated to the problem of
> exceeding the socket limit.  OS detection seems to
> ignore -S the same way it ignores -g and other
> options. See
> http://nmap.org/book/man-bypass-firewalls-ids.html.
> Ignoring -S is probably a bug.

Agree.

> But I think you
> will see the same during OS detection against any
> host, not just this one that is exceeding the
> socket limit.

It's more nuanced than that.  Same command
works with other hosts.  Thinking about it,
I believe that the problem is the NSE engine
creating a socket per script/probe and leaving
each open forever if there is no reply.
Since -S is being ignored the NSE traffic
is going out through the normal ASA firewall
here, nothing comes back for much of
the traffic.

Ran it a few more times and it seems that
-S is sometimes ignored and sometimes not
on a random basis.  Runs fine when the
traffic goes in the intended direction;
socket count skyrockets and 'nmap'
crashes when it does not.

Two bugs here I'd say.
