Nmap Development mailing list archives
Re: nmap-3.93 UDP service fingerprinting does not show the match
From: doug () hcsw org
Date: Fri, 21 Oct 2005 11:19:38 +0100
Hello Martin, Thanks for the bug report! I was able to reproduce the bug and I've managed to track it down to the function service_scan.cc:adjustPortStateIfNeccessary(). This function exists because in some cases (especially UDP) we can determine that a port is actually OPEN instead of OPEN|FILTERED thanks to the service scan. This happens when a UDP service doesn't respond to the scanning probes but does respond to at least one of our service probes. It looks like the problem is that this function actually adds a new port to the portlist instead of just adjusting the state of the existing probe. This is the reason why your scan wasn't working: The service details of the port get set before this function call and the new port that this function overrides it with has no service information. I've attached a patch that I hope will deal with this properly. Good find! Doug Hoyte On Fri, Oct 21, 2005 at 09:57:35AM +0200 or thereabouts, Martin Ma?ok wrote:
Running nmap UDP version scanning against service with fingerprint in the database does not print the match: # nmap -P0 -d --version_trace -sUV -p53 localhost [..] Service scan match (Probe DNSVersionBindReq matched with DNSVersionBindReq): localhost (127.0.0.1):53 is domain. Version: |pdnsd||| [..] 53/udp open domain? Martin Ma?ok ICT Security Consultant
Attachment:
nmap-3.93-adjustportstate-fix.patch
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- nmap-3.93 UDP service fingerprinting does not show the match Martin Mačok (Oct 21)
- Re: nmap-3.93 UDP service fingerprinting does not show the match doug (Oct 21)
- Re: nmap-3.93 UDP service fingerprinting does not show the match Martin Mačok (Oct 21)
- Re: nmap-3.93 UDP service fingerprinting does not show the match Fyodor (Nov 07)
- Re: nmap-3.93 UDP service fingerprinting does not show the match doug (Oct 21)