Re: dev Digest, Vol 129, Issue 35

[ryan chou <jkryanchou () gmail com>]

Did the Fox-IT company plan to offer a remote job? I'm so interested in it.
That looks so cool.

2015-12-20 13:37 GMT+08:00 <dev-request () nmap org>:

> Send dev mailing list submissions to
>         dev () nmap org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://nmap.org/mailman/listinfo/dev
> or, via email, send a message with subject or body 'help' to
>         dev-request () nmap org
>
> You can reach the person managing the list at
>         dev-owner () nmap org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of dev digest..."
>
>
> Today's Topics:
>
>    1. Paid Internships for Improving Nmap OS Detection Available at
>       Fox-IT in the Netherlands (Fyodor)
>    2. scan results depend on logfile mode??? (B?la Szekeres (p?kusz))
>    3. Re: scan results depend on logfile mode???
>       (B?la Szekeres (p?kusz))
>    4. Re: scan results depend on logfile mode??? (Daniel Miller)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 19 Dec 2015 13:29:45 -0800
> From: Fyodor <fyodor () nmap org>
> To: Nmap Development List <dev () nmap org>
> Subject: Paid Internships for Improving Nmap OS Detection Available at
>         Fox-IT in the Netherlands
> Message-ID:
>         <CAJjO9M=dg4ECgmLLXkZ0FsFoe79mcoEA=TspnORWpY=
> jjV7JHQ () mail gmail com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi folks!  Mathias Morbitzer has notified me that his company Fox-IT has
> openings for two paid internships where he will work with talented
> programmers to improve or even re-invent Nmap OS detection.  I'm excited
> about this since his previous intern, Alexandru Geana, already made a lot
> of progress in this area and we've implemented some of that into Nmap 7.
> But there's a lot more to do!  And this is a great chance to get paid to
> work on free software.  They are looking for someone who is either located
> in the Netherlands or willing to relocate their during the project.
> They're flexible about the start and duration of the project. Here are the
> positions:
>
> Improving Nmaps IPv6 OS detection system:
>
> https://www.fox-it.com/nl/vacancies/improving-nmaps-ipv6-os-detection-system/
>
> Design and implementation of a new OS detection system for Nmap:
>
> https://www.fox-it.com/nl/vacancies/design-and-implementation-of-a-new-os-detection-system-for-nmap/
>
> I know the internships are paid, but I don't know how much.  I hope they
> find someone great as a successful project could make Nmap better for us
> all!
>
> Cheers,
> Fyodor
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://nmap.org/mailman/private/dev/attachments/20151219/e7fc13b9/attachment.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Sat, 19 Dec 2015 20:20:17 +0100
> From: B?la Szekeres (p?kusz) <pokusz () gmail com>
> To: dev () nmap org
> Subject: scan results depend on logfile mode???
> Message-ID:
>         <CAOJLbe08CshDbEn-D9DhpEd62w0H+TDMW+ag=
> ju9bxGj7SqF_A () mail gmail com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi all,
>
>
> I have a weird problem with nmap which is driving me mad. I'm running nmap
> 7.01 on Kali 2.0.
>
> I have a server with 2 SSL ports, both ports are configured identically,
> OpenSSL can connect to both ports. If I run nmap to scan the server, the
> results depend on the logfile mode...
>
> =================
> root@kali:~# nmap -Pn -sV -p3550,3562 -oN  - pi196
> # Nmap 7.01 scan initiated Sat Dec 19 20:12:55 2015 as: nmap -Pn -sV
> -p3550,3562 -oN - pi196
> Nmap scan report for pi196 (xxx)
> Host is up (0.0042s latency).
> PORT      STATE SERVICE     VERSION
> 3550/tcp open  ssl/unknown
> 3562/tcp open  ssl/unknown
>
> Service detection performed. Please report any incorrect results at
> https://nmap.org/submit/ .
> # Nmap done at Sat Dec 19 20:13:18 2015 -- 1 IP address (1 host up) scanned
> in 23.72 seconds
> =================
> root@kali:~# nmap -Pn -sV -p3550,3562 -oG  - pi196
> # Nmap 7.01 scan initiated Sat Dec 19 20:13:23 2015 as: nmap -Pn -sV
> -p3550,3562 -oG - pi196
> Host: xxx (pi196)    Status: Up
> Host: xxx (pi196)    Ports: 3550/open/tcp//ssl|unknown///,
> 3562/open/tcp/////
> # Nmap done at Sat Dec 19 20:13:46 2015 -- 1 IP address (1 host up) scanned
> in 23.73 seconds
> =================
>
> I compared the packet trace of both scans and I see only minimal
> differences. Tried to recompile the source but the results are the same.
>
> Any ideas?
>
> Best regards,
> Bela Szekeres
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://nmap.org/mailman/private/dev/attachments/20151219/d649be72/attachment.html
> >
>
> ------------------------------
>
> Message: 3
> Date: Sun, 20 Dec 2015 01:33:47 +0100
> From: B?la Szekeres (p?kusz) <pokusz () gmail com>
> To: dev () nmap org
> Subject: Re: scan results depend on logfile mode???
> Message-ID:
>         <
> CAOJLbe1JSLoH6wzrM2wo3NY-dVr1fVA0_UvLh8HU3ZwiY3c0fw () mail gmail com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi again,
>
> One step ahead. (The ports correctly are 33550 and 33562. Sorry for the
> editing.)
>
> The difference between the two ports is that 33550 appears in
> nmap-services. If I also include 33562 in nmap-services (even with 0
> frequency), it is found as ssl by the service scan even in -oG logmode. If
> the port is not included in the file, it is not detected as ssl in -oG, but
> detected in -oN logmode. Remember, I specify the ports with -p, so this
> file should not matter, as far as I know.
>
> Still the question, why is it scanning differently if the logmode is
> different.
>
> Best regards,
> Bela Szekeres
>
>
> On Sat, Dec 19, 2015 at 8:20 PM, B?la Szekeres (p?kusz) <pokusz () gmail com>
> wrote:
>
> > Hi all,
> >
> >
> > I have a weird problem with nmap which is driving me mad. I'm running
> nmap
> > 7.01 on Kali 2.0.
> >
> > I have a server with 2 SSL ports, both ports are configured identically,
> > OpenSSL can connect to both ports. If I run nmap to scan the server, the
> > results depend on the logfile mode...
> >
> > =================
> > root@kali:~# nmap -Pn -sV -p3550,3562 -oN  - pi196
> > # Nmap 7.01 scan initiated Sat Dec 19 20:12:55 2015 as: nmap -Pn -sV
> > -p3550,3562 -oN - pi196
> > Nmap scan report for pi196 (xxx)
> > Host is up (0.0042s latency).
> > PORT      STATE SERVICE     VERSION
> > 3550/tcp open  ssl/unknown
> > 3562/tcp open  ssl/unknown
> >
> > Service detection performed. Please report any incorrect results at
> > https://nmap.org/submit/ .
> > # Nmap done at Sat Dec 19 20:13:18 2015 -- 1 IP address (1 host up)
> > scanned in 23.72 seconds
> > =================
> > root@kali:~# nmap -Pn -sV -p3550,3562 -oG  - pi196
> > # Nmap 7.01 scan initiated Sat Dec 19 20:13:23 2015 as: nmap -Pn -sV
> > -p3550,3562 -oG - pi196
> > Host: xxx (pi196)    Status: Up
> > Host: xxx (pi196)    Ports: 3550/open/tcp//ssl|unknown///,
> > 3562/open/tcp/////
> > # Nmap done at Sat Dec 19 20:13:46 2015 -- 1 IP address (1 host up)
> > scanned in 23.73 seconds
> > =================
> >
> > I compared the packet trace of both scans and I see only minimal
> > differences. Tried to recompile the source but the results are the same.
> >
> > Any ideas?
> >
> > Best regards,
> > Bela Szekeres
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://nmap.org/mailman/private/dev/attachments/20151220/22e5f1b1/attachment.html
> >
>
> ------------------------------
>
> Message: 4
> Date: Sat, 19 Dec 2015 23:37:44 -0600
> From: Daniel Miller <bonsaiviking () gmail com>
> To: B?la Szekeres (p?kusz) <pokusz () gmail com>
> Cc: Nmap-dev <dev () nmap org>
> Subject: Re: scan results depend on logfile mode???
> Message-ID:
>         <CABmvJnMZkdSzC4RSazpkEyBi2Qe_N8=
> 3zr29BbwPOGWTrXYBtA () mail gmail com>
> Content-Type: text/plain; charset="utf-8"
>
> B?la,
>
> Thanks for reporting this! This has apparently been a long-standing bug in
> Nmap, which I just fixed with your help in r35536. In an attempt to not
> always print "unknown" in a field that could otherwise simply be blank, we
> did not print any service info in grepable output if the service did not
> have a positively-identified name. Unfortunately, this resulted in
> discarding service tunnel info, as you found. I changed the check to also
> check for a service tunnel, copying a condition from further on in the same
> function that we use for printing the service info in XML.
>
> Dan
>
> On Sat, Dec 19, 2015 at 6:33 PM, B?la Szekeres (p?kusz) <pokusz () gmail com>
> wrote:
>
> > Hi again,
> >
> > One step ahead. (The ports correctly are 33550 and 33562. Sorry for the
> > editing.)
> >
> > The difference between the two ports is that 33550 appears in
> > nmap-services. If I also include 33562 in nmap-services (even with 0
> > frequency), it is found as ssl by the service scan even in -oG logmode.
> If
> > the port is not included in the file, it is not detected as ssl in -oG,
> but
> > detected in -oN logmode. Remember, I specify the ports with -p, so this
> > file should not matter, as far as I know.
> >
> > Still the question, why is it scanning differently if the logmode is
> > different.
> >
> > Best regards,
> > Bela Szekeres
> >
> >
> > On Sat, Dec 19, 2015 at 8:20 PM, B?la Szekeres (p?kusz) <
> pokusz () gmail com>
> > wrote:
> >
> > > Hi all,
> > >
> > >
> > > I have a weird problem with nmap which is driving me mad. I'm running
> > > nmap 7.01 on Kali 2.0.
> > >
> > > I have a server with 2 SSL ports, both ports are configured identically,
> > > OpenSSL can connect to both ports. If I run nmap to scan the server, the
> > > results depend on the logfile mode...
> > >
> > > =================
> > > root@kali:~# nmap -Pn -sV -p3550,3562 -oN  - pi196
> > > # Nmap 7.01 scan initiated Sat Dec 19 20:12:55 2015 as: nmap -Pn -sV
> > > -p3550,3562 -oN - pi196
> > > Nmap scan report for pi196 (xxx)
> > > Host is up (0.0042s latency).
> > > PORT      STATE SERVICE     VERSION
> > > 3550/tcp open  ssl/unknown
> > > 3562/tcp open  ssl/unknown
> > >
> > > Service detection performed. Please report any incorrect results at
> > > https://nmap.org/submit/ .
> > > # Nmap done at Sat Dec 19 20:13:18 2015 -- 1 IP address (1 host up)
> > > scanned in 23.72 seconds
> > > =================
> > > root@kali:~# nmap -Pn -sV -p3550,3562 -oG  - pi196
> > > # Nmap 7.01 scan initiated Sat Dec 19 20:13:23 2015 as: nmap -Pn -sV
> > > -p3550,3562 -oG - pi196
> > > Host: xxx (pi196)    Status: Up
> > > Host: xxx (pi196)    Ports: 3550/open/tcp//ssl|unknown///,
> > > 3562/open/tcp/////
> > > # Nmap done at Sat Dec 19 20:13:46 2015 -- 1 IP address (1 host up)
> > > scanned in 23.73 seconds
> > > =================
> > >
> > > I compared the packet trace of both scans and I see only minimal
> > > differences. Tried to recompile the source but the results are the same.
> > >
> > > Any ideas?
> > >
> > > Best regards,
> > > Bela Szekeres
> >
> >
> > _______________________________________________
> > Sent through the dev mailing list
> > https://nmap.org/mailman/listinfo/dev
> > Archived at http://seclists.org/nmap-dev/
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://nmap.org/mailman/private/dev/attachments/20151219/f56b5b43/attachment.html
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> dev mailing list
> dev () nmap org
> https://nmap.org/mailman/listinfo/dev
>
>
> ------------------------------
>
> End of dev Digest, Vol 129, Issue 35
> ************************************
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/