Nmap Development mailing list archives
RE: NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu 12.04LTS)
From: "Nmap User1" <nmapuser1 () gmail com>
Date: Fri, 6 Sep 2013 16:30:16 -0400
Hello,

I've done some additional testing on the HTTPS/SSL timeout issue (all with Nmap v6.41):

Ubuntu 10.04 LTS: No NSE HTTPS/SSL timeout issue.
Debian 6.0.7: No NSE HTTPS/SSL timeout issue.
Gentoo (k3.8.13): No NSE HTTPS/SSL timeout issue.
Fedora 19: No NSE HTTPS/SSL timeout issue.
Windows 7: No NSE HTTPS/SSL timeout issue.

Ubuntu 12.04 LTS: Yes, the NSE HTTPS/SSL timeout issue is exhibited.
Debian 7.1.0: Yes, the NSE HTTPS/SSL timeout issue is exhibited.
Kali Linux: Yes, the NSE HTTPS/SSL timeout issue is exhibited.

Testing Notes:
* Randomly selected hosts (from Google): www.bwin.com, home.eease.com, & www.itslearning.com
* Nmap command: nmap -v -sS -Pn -p 443 --script=ssl-cert <host>

I've been encountering this timeout issue on nearly every client engagement since I've switched to Ubuntu 12.04 (affects around 5% of all HTTPS services). I suspect many others are experiencing the same issue, however, as the timeout issue isn't obvious in the results, it's likely to be overlooked.

So what component in the identified current Debian based distros is causing nmap to demonstrate this behavior? The nmap debug logs did not appear overly helpful in this case.

-----Original Message-----
From: Henri Doreau [mailto:henri.doreau () gmail com]
Sent: Thursday, September 05, 2013 2:51 PM
To: Daniel Miller
Cc: Nmap User1; Nmap-dev
Subject: Re: NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu 12.04LTS)

2013/9/5 Daniel Miller <bonsaiviking () gmail com>:
> I can replicate the behavior on Ubuntu 12.04 against www.itslearning.com.
> I've created pastes with debugging output from 2 versions of Nmap:
>
> * http://pastebin.com/HqFCcYai - Nmap 6.41SVN with -d4
> * http://pastebin.com/bCfdqFh3 - Nmap 6.02 with -d3
>
> I also ran a scan without the NSE script immediately followed by openssl
> s_client, which was able to connect with no timeout.
>
> Dan

Hi,

that looks interesting... I can't reproduce, neither on recent fedoras nor on debian 6.0.7. That could totally be a nsock issue but I see nothing suspicious from the traces you posted. Do you?

Could you maybe retry with -d9, to also have the full debug log messages? A pcap dump would be helpful.

Regards

--
Henri
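
Added example (not part of the original thread and not Nmap project code): since the report notes that the timeout "isn't obvious in the results", this script reads Nmap XML output (-oX) and lists open ports for which the requested script produced no output. The sample XML, host names and addresses are constructed placeholders, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed `nmap -oX` sample (hosts and addresses are placeholders, not from
# the thread): a.example has ssl-cert output, b.example is open but has none,
# c.example is closed and must not be flagged.
SAMPLE_XML = """<nmaprun scanner="nmap">
<host><address addr="192.0.2.10" addrtype="ipv4"/>
  <hostnames><hostname name="a.example" type="user"/></hostnames>
  <ports><port protocol="tcp" portid="443"><state state="open"/>
    <script id="ssl-cert" output="Subject: commonName=a.example"/></port></ports>
</host>
<host><address addr="192.0.2.20" addrtype="ipv4"/>
  <hostnames><hostname name="b.example" type="user"/></hostnames>
  <ports><port protocol="tcp" portid="443"><state state="open"/></port></ports>
</host>
<host><address addr="192.0.2.30" addrtype="ipv4"/>
  <hostnames><hostname name="c.example" type="user"/></hostnames>
  <ports><port protocol="tcp" portid="443"><state state="closed"/></port></ports>
</host>
</nmaprun>"""


def missing_script_output(xml_text, script_id="ssl-cert"):
    """Return (addr, hostname, port) for open ports with no <script id=script_id>."""
    missing = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        name_el = host.find("hostnames/hostname")
        name = name_el.get("name") if name_el is not None else ""
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports never run the script
            ran = {s.get("id") for s in port.iterfind("script")}
            if script_id not in ran:
                missing.append((addr, name, int(port.get("portid"))))
    return missing


if __name__ == "__main__":
    for addr, name, port in missing_script_output(SAMPLE_XML):
        print(f"{addr} ({name}) {port}/tcp: open, no ssl-cert output, re-check")
```

A flagged port is only a candidate for re-checking: an open port that does not speak SSL/TLS also has no ssl-cert output, so confirm each one separately (the thread uses openssl s_client for that).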