RE: NMap crash with -sU

["Orgle" <orgle () charter net>]

Thanks Brandon.

Turned off automatic reboot, got the BSOD, and the file with the problem was
e1e5132.sys, which is part of the Intel Pro/1000 PM software. Went to
Intel's site, downloaded latest software for it (after having to look all
over the place), loaded, and retested - same BSOD, with same .sys file.
 Driver for the card was 9.3.28.0, and after loading Intel's latest software
is 9.7.34.

I've got a 3Com 3C905 NIC also installed in the system. Disabled the Intel
card, enabled the 3Com, gave it the same IP, ran the scan with no problems -
even with ZoneAlarm and everything else running.

So, problem looks to be with the Intel NIC card. Good old 3Com - their cards
always seem to work ;-)

John
-----Original Message-----
From: Brandon Enright [mailto:bmenrigh () ucsd edu] 
Sent: Friday, May 04, 2007 1:22 AM
To: Orgle
Cc: nmap-dev () insecure org; bmenrigh () ucsd edu
Subject: Re: NMap crash with -sU

On Thu, 3 May 2007 21:46:09 -0500 plus or minus some time "Orgle"
<orgle () charter net> wrote:

> Running NMap 4.20 on a XP SP2 box, with all the latest Microsoft patches
> installed - on a new Gateway desktop PC (business class machine)
>
>             When I run a nmap -vv -sU -P0 68.188.xxx.xxx   the command
> starts to run, then my PC crashes - reboots, no BSOD. After reboot, get a
> Windows has recovered from a serious error, and back from Microsoft get
> the following response on the trouble. Have run some other queries
> without a problem, just (so far) had the crash when using the -sU option.
> Use ZoneAlarm PC firewall software also (turned ZoneAlarm off, same
> problem.)

According to the Microsoft page you were receiving a stop error (BSOD).  It
probably just blinked by so fast your screen never drew it.

Go ahead and disable the automatic reboot on error so that you can read the
BSOD.  Instructions are available at

http://pcsupport.about.com/od/tipstricks/ht/disautorestart.htm

Next time you get the BSOD record the stop error, and if provided, the sys
file listed at the bottom that the error occurred in.

Also, if you haven't do so already, install WinPCAP 4.0.

This error could be anything from a bug in Nmap to a bug in WinPCAP,
Windows, your NIC's Driver, ZoneAlarm or some odd interaction of various
bugs between all five.

>             PC is 4 months old with 3G of memory, and is a Duo2 processor,
> so lots of horsepower. Any ideas or have you seen this one before? The
> Ethernet port is on-board the motherboard, and is an Intel Pro/1000 PM
> Ethernet chip setup. Downloaded a BIOS update, same problem. No NIC driver
> updates seem available.
>
>             The error URL is
http://wer.microsoft.com/responses/Response.aspx/10/en-us/5.1.2600.2.0001010
> 0.2.0?SGD=47fcb265-c480-4f8e-852e-a2b6bf373430
>
> Thanks,
>
> John

If the BSOD tells you what sys file caused the error it should be fairly
easy to track down.  If it doesn't, I'd start with uninstalling ZoneAlarm
(turning it off doesn't unload the driver, it simply makes it try to ignore
traffic).  It should be possible to figure out where the error is occurring
bu it may be trial and error to do so.

Brandon



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org