Nmap Development mailing list archives

Re: Informal Nmap 3.94ALPHA1 Release


From: Ron <iago () valhallalegends com>
Date: Mon, 05 Dec 2005 19:58:38 -0600

Idle Scan is having an issue when the program ends.  It happens whether 
it finds an invalid zombie or finishes normally.

=================
iago@slayer:~/downloads/nmap-3.94ALPHA1$ sudo nmap -sI 192.168.1.4:22 
192.168.1.3
Password:
WARNING: Many people use -P0 w/Idlescan to prevent pings from their true 
IP.  On the other hand, timing info Nmap gains from pings can allow for 
faster, more reliable scans.

Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-12-05 19:46 CST
Warning: File ./nmap-services exists, but Nmap is using 
/usr/local/share/nmap/nmap-services for security and consistency 
reasons.  set NMAPDIR=. to give priority to files in your local 
directory (may affect the other data files too).
Idlescan zombie 192.168.1.4 (192.168.1.4) port 22 cannot be used because 
IPID sequencability class is: All zeros.  Try another proxy.
QUITTING!
caught SIGSEGV signal, cleaning up
Aborted
=================

With gdb:

=================
(gdb) run -sI 192.168.1.4:22 192.168.1.3
Starting program: /home/iago/downloads/nmap-3.94ALPHA1/nmap -sI 
192.168.1.4:22 192.168.1.3
WARNING: Many people use -P0 w/Idlescan to prevent pings from their true 
IP.  On the other hand, timing info Nmap gains from pings can allow for 
faster, more reliable scans.

Starting Nmap 3.94ALPHA1 ( http://www.insecure.org/nmap/ ) at 2005-12-05 
19:47 CST
Warning: File ./nmap-services exists, but Nmap is using 
/usr/local/share/nmap/nmap-services for security and consistency 
reasons.  set NMAPDIR=. to give priority to files in your local 
directory (may affect the other data files too).
Idlescan zombie 192.168.1.4 (192.168.1.4) port 22 cannot be used because 
IPID sequencability class is: All zeros.  Try another proxy.
QUITTING!

Program received signal SIGSEGV, Segmentation fault.
0x08073032 in ~PortList (this=0x80bff00) at stl_tree.h:651
651           _M_leftmost() const { return (_Link_type&) 
_M_header->_M_left; }
(gdb) backtrace
#0  0x08073032 in ~PortList (this=0x80bff00) at stl_tree.h:651
#1  0x080768ec in ~Target (this=0x80bfea0) at Target.cc:145
#2  0x0805da70 in __tcf_0 () at idle_scan.cc:949
#3  0xb7cc99d2 in exit () from /lib/tls/libc.so.6
#4  0x0805a353 in fatal (
     fmt=0x809e440 "Idlescan zombie %s (%s) port %hu cannot be used 
because IPID sequencability class is: %s.  Try another proxy.") at 
nmap_error.cc:119
#5  0x0805bfae in initialize_idleproxy (proxy=0x80bfea0,
     proxyName=0x80c8088 "192.168.1.4:22", first_target=0x80ea468)
     at Target.h:147
#6  0x0805d99e in idle_scan (target=0x80ea330, portarray=0x80f5ec8,
     numports=1668, proxyName=0x80c8088 "192.168.1.4:22") at 
idle_scan.cc:974
#7  0x0804e3a7 in nmap_main (argc=4, argv=0xbffff6f4) at nmap.cc:1206
#8  0x0804b264 in main (argc=4, argv=0xbffff6f4, envp=0xbffff708)
     at main.cc:244
=================

For the record, finishing normally:

=================
(gdb) run -sI 10.100.254.193:135 192.168.1.3
Starting program: /home/iago/downloads/nmap-3.94ALPHA1/nmap -sI 
10.100.254.193:135 192.168.1.3
WARNING: Many people use -P0 w/Idlescan to prevent pings from their true 
IP.  On the other hand, timing info Nmap gains from pings can allow for 
faster, more reliable scans.

Starting Nmap 3.94ALPHA1 ( http://www.insecure.org/nmap/ ) at 2005-12-05 
19:56 CST
Warning: File ./nmap-services exists, but Nmap is using 
/usr/local/share/nmap/nmap-services for security and consistency 
reasons.  set NMAPDIR=. to give priority to files in your local 
directory (may affect the other data files too).
Idlescan using zombie 10.100.254.193 (10.100.254.193:135); Class: 
Incremental
All 1668 scanned ports on darkside (192.168.1.3) are: closed|filtered
MAC Address: 00:05:5D:F3:DF:09 (D-Link Systems)

Nmap finished: 1 IP address (1 host up) scanned in 10.759 seconds

Program received signal SIGSEGV, Segmentation fault.
0x08073032 in ~PortList (this=0x80bff00) at stl_tree.h:651
651           _M_leftmost() const { return (_Link_type&) 
_M_header->_M_left; }
(gdb) backtrace
#0  0x08073032 in ~PortList (this=0x80bff00) at stl_tree.h:651
#1  0x080768ec in ~Target (this=0x80bfea0) at Target.cc:145
#2  0x0805da70 in __tcf_0 () at idle_scan.cc:949
#3  0xb7cc99d2 in exit () from /lib/tls/libc.so.6
#4  0xb7cb3fd5 in __libc_start_main () from /lib/tls/libc.so.6
#5  0x0804afd1 in _start () at ../sysdeps/i386/elf/start.S:119

=================

I'm not sure if it's the same problem as I posted about a few months 
ago, but that post can be found here:
http://seclists.org/lists/nmap-dev/2005/Jul-Sep/0197.html

Hope that helps...
Ron

Fyodor wrote:
Nmap Developers,

I am happy to announce a new test release of Nmap, with dozens of
changes.  You can find the goods at:

http://download.insecure.org/nmap/dist/nmap-3.94ALPHA1.tar.bz2
http://download.insecure.org/nmap/dist/nmap-3.94ALPHA1.tgz
http://download.insecure.org/nmap/dist/nmap-3.94ALPHA1-1.src.rpm
http://download.insecure.org/nmap/dist/nmap-3.94ALPHA1-1.x86_64.rpm

Please let me know if you find any problems.  GPG sigs are in the sigs
directory, as usual.  I haven't had time to fix the reported Idle scan
issues yet, nor the strange Windows reports we have seen lately.  Here
are the changes since 3.93:

o Wrote a new man page from scratch.  It is much more comprehensive
  (more than twice as long) and (IMHO) better organized than the
  previous one.  Read it online at http://www.insecure.org/nmap/man/
  or docs/nmap.1 from the Nmap distribution.  Let me know if you have
  any ideas for improving it.  I am also looking for translations.  If
  you are interested in translating to a language not already found at
  http://www.insecure.org/nmap/nmap_documentation.html , please mail
  Fyodor for the DocBook XML source to translate.

o Removed foreign translations of the old man page from the
  distribution.  Included the following contributed translations
  (nroff format) of the new man page:
    Brazilian Portuguese by Lucien Raven (lucienraven(a)yahoo.com.br)

o Wrote a new "help screen", which you get when running Nmap without
  arguments.  It is also reproduced in the man page and at
  http://www.insecure.org/nmap/data/nmap.usage.txt .  I gave up trying
  to fit it within a 25-line, 80-column terminal window.  It is now 78
  lines and summarizes all but the most obscure Nmap options.

o Version detection softmatches (when Nmap determines the service
  protocol such as smtp but isn't able to determine the app name such as
  Postfix) can now parse out the normal match line fields such as
  hostname, device type, and extra info.  For example, we may not know
  what vendor created an sshd, but we can still parse out the protocol
  number.  This was a patch from Doug Hoyte (doug(a)hcsw.org).

o Fixed a problem which caused UDP version scanning to fail to print
  the matched service.  Thanks to Martin Macok
  (martin.macok(a)underground.cz) for reporting the problem and Doug
  Hoyte (doug(a)hcsw.org) for fixing it.

o Made the version detection "ports" directive (in
  nmap-service-probes) more comprehensive.  This should speed up scans a
  bit.  The patch was done by Doug Hoyte (doug(a)hcsw.org).

o Added the --webxml option, which does the same thing as 
  --stylesheet http://www.insecure.org/nmap/data/nmap.xsl , without
  requiring you to remember the exact URL or type that whole thing.

o Fixed a crash that occurred when the --exclude option was used with
  netmasks on certain platforms.  Thanks to Adam
  (nmapuser(a)globalmegahost.com) for reporting the problem and to
  Greg Darke (starstuff(a)optusnet.com.au) for sending a patch (I
  modified the patch a bit to make it more efficient).

o Fixed a problem with the -S and -e options (spoof/set
  source address, and set interface by name, respectively).  The problem
  report and a partial patch were sent by Richard Birkett
  (richard(a)musicbox.net).

o Fixed a possible aliasing problem in tcpip.cc by applying a patch sent in by
  Gwenole Beauchesne (gbeauchesne(a)mandriva.com).  This problem
  shouldn't have had any effect on users since we already include the
  -fno-strict-aliasing option whenever gcc 4 is detected, but it
  brings us closer to being able to remove that option.

o Fixed a bug that caused Nmap to crash if an nmap-service-probes file
  was used which didn't contain the Exclude directive.

o Fixed a bunch of typos and misspellings throughout the Nmap source
  code (mostly in comments).  This was a 625-line patch by Saint Xavier
  (skyxav(a)skynet.be).

o Nmap now accepts target list files in Windows end-of-line format (\r\n)
  as well as standard UNIX format (\n) on all platforms.  Passing a
  Windows style file to Nmap on UNIX didn't work before unless you ran
  dos2unix first.

o Removed Identd scan support from NmapFE since Nmap no longer
  supports it.  Thanks to Jonathan Dieter (jdieter99(a)gmx.net) for the
  patch.

o Integrated all of the September version detection fingerprint
  submissions.  This was done by Version Detection Czar Doug Hoyte
  (doug(a)hcsw.org) and resulted in 86 new match lines.  Please keep
  those submissions coming!

o Fixed a divide-by-zero crash when you specify rather bogus
  command-line arguments (a TCP scan with zero tcp ports).  Thanks to
  Bart Dopheide (dopheide(a)fmf.nl) for identifying the problem and
  sending a patch.

o Fixed a minor syntax error in tcpip.h that was causing problems with
  GCC 4.1.  Thanks to Dirk Mueller (dmuell(a)gmx.net) for reporting
  the problem and sending a fix.


Cheers,
Fyodor


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev





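The two runs above differ in the one check that decides whether idle scan can proceed at all: Nmap samples the candidate zombie's IP ID field and rejects 192.168.1.4 because its sequence class is "All zeros", while 10.100.254.193 is accepted with class "Incremental". Idle scan infers the target's port state from how many times the zombie's IP ID counter advanced between two probes, so a zombie whose counter is zero, constant or random carries no information. The classifier below is an added example, not Nmap's own code: it takes a sampled IP ID sequence and returns the class, then says whether idle scan could rely on that host. The class strings "All zeros" and "Incremental" are the ones printed on this page; the other labels, the thresholds (a step under 10 counts as incremental, under 1000 as random positive increments, anything larger as randomized) and the sample sequences are this example's own assumptions.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// IP ID sequence classes.  "All zeros" and "Incremental" are the strings Nmap
// printed on this page; the remaining labels are this example's own wording.
enum IpidClass {
    IPID_ZERO,
    IPID_CONSTANT,
    IPID_INCREMENTAL,
    IPID_BROKEN_INCR,
    IPID_RPI,
    IPID_RANDOMIZED,
    IPID_UNKNOWN
};

const char *ipid_class_name(IpidClass c) {
    switch (c) {
    case IPID_ZERO:        return "All zeros";
    case IPID_CONSTANT:    return "Constant";
    case IPID_INCREMENTAL: return "Incremental";
    case IPID_BROKEN_INCR: return "Broken little-endian incremental";
    case IPID_RPI:         return "Random positive increments";
    case IPID_RANDOMIZED:  return "Randomized";
    default:               return "Unknown";
    }
}

// Successive differences modulo 2^16: the IP ID field wraps at 65535.
static std::vector<uint32_t> ipid_diffs(const std::vector<uint16_t> &ids) {
    std::vector<uint32_t> diffs;
    for (size_t i = 1; i < ids.size(); i++)
        diffs.push_back(static_cast<uint32_t>((ids[i] - ids[i - 1]) & 0xffff));
    return diffs;
}

static bool all_below(const std::vector<uint32_t> &diffs, uint32_t limit) {
    for (uint32_t d : diffs) if (d >= limit) return false;
    return true;
}

static uint16_t bswap16(uint16_t v) {
    return static_cast<uint16_t>((v << 8) | (v >> 8));
}

// Thresholds (step < 10 incremental, < 1000 random positive increments,
// otherwise randomized) are this example's assumptions, not Nmap's constants.
IpidClass classify_ipids(const std::vector<uint16_t> &ids) {
    if (ids.size() < 3) return IPID_UNKNOWN;   // too few samples to judge

    bool all_zero = true;
    for (uint16_t v : ids) if (v != 0) { all_zero = false; break; }
    if (all_zero) return IPID_ZERO;

    std::vector<uint32_t> diffs = ipid_diffs(ids);
    if (all_below(diffs, 1))  return IPID_CONSTANT;
    if (all_below(diffs, 10)) return IPID_INCREMENTAL;

    // A stack that increments its counter in host order but writes it to the
    // wire without htons() shows steps of 256; byte-swap and check again.
    std::vector<uint16_t> swapped;
    for (uint16_t v : ids) swapped.push_back(bswap16(v));
    if (all_below(ipid_diffs(swapped), 10)) return IPID_BROKEN_INCR;

    if (all_below(diffs, 1000)) return IPID_RPI;
    return IPID_RANDOMIZED;
}

// Idle scan needs a counter it can account for probe by probe.
bool zombie_usable(IpidClass c) {
    return c == IPID_INCREMENTAL || c == IPID_BROKEN_INCR;
}

int main() {
    // Constructed sample sequences (not captured from the hosts on this page).
    struct Sample { const char *name; std::vector<uint16_t> ids; };
    Sample samples[] = {
        {"all zeros (zombie rejected above)",   {0, 0, 0, 0, 0, 0}},
        {"incremental (zombie accepted above)", {4310, 4311, 4312, 4313, 4314, 4315}},
        {"incremental across the 65535 wrap",   {65533, 65534, 65535, 0, 1, 2}},
        {"byte-swapped counter",                {0x0a00, 0x0b00, 0x0c00, 0x0d00, 0x0e00, 0x0f00}},
        {"random positive increments",          {100, 400, 850, 1200, 1700, 2100}},
        {"randomized",                          {12034, 51200, 3000, 44021, 9, 61000}},
    };
    for (const Sample &s : samples) {
        IpidClass c = classify_ipids(s.ids);
        std::printf("%-38s Class: %-34s %s\n", s.name, ipid_class_name(c),
                    zombie_usable(c) ? "usable as zombie"
                                     : "cannot be used, try another proxy");
    }
    return 0;
}
```

The wraparound case matters in practice: a naive `ids[i] - ids[i-1]` on the 65535 to 0 step would read as a huge negative jump and misclassify a perfectly good zombie, which is why the differences are taken modulo 2^16. Note also that a real zombie check has to send its own probes to collect the samples and must be done from the true source address, which is why Nmap warns about -P0 at the top of each run above.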