Nmap Development mailing list archives

Re: Should nmap fall back to -sT if we can't perform a raw scan?


From: Fyodor <fyodor () nmap org>
Date: Thu, 1 May 2014 16:57:27 -0700

On Tue, Apr 29, 2014 at 4:18 AM, Jacek Wielemborek <d33tah () gmail com> wrote:

List,

On my system, nmap's executable has selinux privileges allowing it to
perform raw scans, which I turn on by default by exporting
NMAP_PRIVILEGED="1". Today I noticed that this setup breaks scanning
localhost:

[13:16:20][~/workspace/nmap-svn]$ ./nmap --privileged localhost

Starting Nmap 6.46 ( http://nmap.org ) at 2014-04-29 13:16 CEST
socket troubles in Init: Operation not permitted (1)

Perhaps we need to fall back to -sT in some cases, such as this one?


Hi Jacek.  That's a good point but, on the other hand, Nmap would have used
-sT by default.  Except you specified --privileged, which tells Nmap to
assume it has all the privileges it needs to do a raw scan.  Which it
didn't, in this case.  So I don't know if Nmap should second guess the user
in these cases.  Three other options are:

1) You could change SELinux so that the extra privileges work for localhost
too (and maybe creating a secwiki page detailing what you've done would be
great)

2) You could not specify --privileged, at least for cases like this where
it won't work

3) You can manually specify -sT

Cheers,
Fyodor
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
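The failure Jacek hit comes from trusting --privileged (or NMAP_PRIVILEGED) when the process cannot in fact open a raw socket, so the scan dies in Init with EPERM. The following is an added example, not Nmap's own code and not from anyone in this thread: a preflight that checks whether a raw socket can actually be created before choosing -sS over -sT, plus a small helper that recognises the exact "socket troubles in Init: Operation not permitted" line so a wrapper can retry with -sT. The function names and the assumption that any non-empty NMAP_PRIVILEGED value means "assume privileged" are mine.

```python
"""Preflight for raw-socket scans (added example, not part of Nmap)."""
import os
import socket
from typing import Callable, Optional


def raw_socket_allowed(family: int = socket.AF_INET) -> bool:
    """Try to open a raw IP socket, which a SYN (-sS) scan needs.

    Returns True if the kernel (and any LSM such as SELinux) lets this
    process create one, False on EPERM/EACCES or if raw sockets are not
    supported here at all.  Nothing is ever sent on the socket.
    """
    try:
        s = socket.socket(family, socket.SOCK_RAW, socket.IPPROTO_TCP)
    except PermissionError:
        return False
    except OSError:
        return False
    s.close()
    return True


def choose_scan_type(privileged_flag: Optional[str],
                     probe: Callable[[], bool]) -> str:
    """Pick "-sS" or "-sT" with a preflight instead of blind trust.

    privileged_flag: value of NMAP_PRIVILEGED, or None if unset.  Assumption
    for this example: any non-empty value means "assume privileged", like
    passing --privileged.  probe: callable reporting whether a raw socket
    could really be opened (raw_socket_allowed in real use; stubbed in tests).
    """
    wants_raw = bool(privileged_flag and privileged_flag.strip())
    if not wants_raw:
        # Without the flag Nmap would already default to -sT for a non-root user.
        return "-sT"
    # --privileged tells Nmap to assume the privileges exist; verify that
    # assumption so the scan does not die in Init with EPERM.
    return "-sS" if probe() else "-sT"


def init_failed_eperm(nmap_output: str) -> bool:
    """True if Nmap's output contains the Init-time EPERM failure from the thread.

    A wrapper script can use this to rerun the same scan with -sT.
    """
    return any(
        "socket troubles in Init" in line and "Operation not permitted" in line
        for line in nmap_output.splitlines()
    )


if __name__ == "__main__":
    flag = os.environ.get("NMAP_PRIVILEGED")
    print(f"NMAP_PRIVILEGED={flag!r}: use {choose_scan_type(flag, raw_socket_allowed)}")
    # Constructed sample of the failure output quoted in the thread:
    sample = ("Starting Nmap 6.46 ( http://nmap.org ) at 2014-04-29 13:16 CEST\n"
              "socket troubles in Init: Operation not permitted (1)\n")
    print("fall back to -sT:", init_failed_eperm(sample))
```

Running it as an unprivileged user with NMAP_PRIVILEGED=1 exported prints "-sT", which is the outcome the discussion is about; running it as root (or with the SELinux policy extended to cover localhost, option 1 above) prints "-sS".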