Nmap Development mailing list archives

Re: nmap-3.93 UDP service fingerprinting does not show the match


From: doug () hcsw org
Date: Fri, 21 Oct 2005 11:19:38 +0100

Hello Martin,

Thanks for the bug report! I was able to reproduce the bug and I've managed to track it down to the function

service_scan.cc:adjustPortStateIfNeccessary().

This function exists because in some cases (especially UDP) we can determine that a port is actually OPEN instead of 
OPEN|FILTERED thanks to the service scan. This happens when a UDP service doesn't respond to the scanning probes but 
does respond to at least one of our service probes.

It looks like the problem is that this function actually adds a new port to the portlist instead of just adjusting the 
state of the existing probe. This is the reason why your scan wasn't working: The service details of the port get set 
before this function call and the new port that this function overrides it with has no service information.

I've attached a patch that I hope will deal with this properly.

Good find!

Doug Hoyte


On Fri, Oct 21, 2005 at 09:57:35AM +0200 or thereabouts, Martin Mačok wrote:
Running nmap UDP version scanning against service with fingerprint in
the database does not print the match:

# nmap -P0 -d --version_trace -sUV -p53 localhost
[..]
Service scan match (Probe DNSVersionBindReq matched with DNSVersionBindReq): localhost (127.0.0.1):53 is domain. Version: |pdnsd|||
[..]
53/udp open  domain?

Martin Mačok
ICT Security Consultant

Attachment: nmap-3.93-adjustportstate-fix.patch



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
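
A minimal model of the failure mode described in the message above, added here as an illustration; it is not Nmap's code and not the attached patch. `Port`, `PortList`, `replaceWithNew` and `adjustState` are hypothetical names, and the 53/udp entry is constructed sample data:

```cpp
#include <iostream>
#include <map>
#include <string>
#include <utility>

// Hypothetical, simplified model. These are not Nmap's Port/PortList classes.
enum class State { OpenFiltered, Open };

struct Port {
    State state = State::OpenFiltered;
    std::string service;  // set when a service probe matches
    std::string product;
};

typedef std::pair<int, std::string> Key;  // (port number, protocol)

struct PortList {
    std::map<Key, Port> ports;
    // Behaviour described in the message: a new entry overrides the old one,
    // so the service details recorded earlier are gone.
    void replaceWithNew(int num, const std::string& proto, State s) {
        Port fresh;
        fresh.state = s;
        ports[Key(num, proto)] = fresh;
    }
    // State-only adjustment: the existing entry and its service details stay.
    bool adjustState(int num, const std::string& proto, State s) {
        std::map<Key, Port>::iterator it = ports.find(Key(num, proto));
        if (it == ports.end()) return false;  // unknown port: nothing to adjust
        it->second.state = s;
        return true;
    }
};

// Constructed sample: 53/udp is open|filtered after the port scan, then the
// service scan records a match before the state adjustment runs.
PortList afterServiceMatch() {
    PortList pl;
    Port& p = pl.ports[Key(53, "udp")];
    p.service = "domain";
    p.product = "pdnsd";
    return pl;
}

int main() {
    PortList replaced = afterServiceMatch(), adjusted = afterServiceMatch();
    replaced.replaceWithNew(53, "udp", State::Open);
    adjusted.adjustState(53, "udp", State::Open);
    std::cout << "replaced: '" << replaced.ports[Key(53, "udp")].service << "'\n"
              << "adjusted: '" << adjusted.ports[Key(53, "udp")].service << "'\n";
}
```

Both paths end with the port marked open; only the in-place adjustment still carries the matched service and product.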
