Nmap Development mailing list archives

RE: [NSE] New UPnP information gathering script


From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Fri, 11 Jan 2008 07:27:23 -0600

-----Original Message-----
From: nmap-dev-bounces () insecure org 
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Gisle Vanem
Sent: Friday, January 11, 2008 7:00 AM
To: Nmap-dev
Subject: Re: [NSE] New UPnP information gathering script

I thought I'd try this new script, but I'm getting no results.
I know for sure my router is running UPnP at udp/1900.

The result of "nmap -sU -p1900 --script=UPnP-info -v -d5 router"
is in the attachment if anybody can spot the problem. I'm not sure
about the long list of "nsock_loop() started" and "wait_for_events".
Makes me kinda think scripts don't work at all on Win32 (?). Is
nmap trying to select() on the output of a sub-process?


I didn't see any script errors in the output, just a normal run against
a non-responsive service.  A possible explanation is that your router
simply doesn't respond to direct UPnP discover requests.  I saw this
behavior on at least one other router while I was testing the script.
The typical method for UPnP discovery is to send the requests to a
network broadcast address (Windows uses Destination: 239.255.255.250),
and apparently some systems will only respond to this method.
Unfortunately, I don't know any way of working around this at this
point, so those systems won't be detected by this script.  Out of
curiosity, what type of router do you have?

Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
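
The discovery request discussed in this thread, as an added example that is not part of the original messages or of the NSE script: Python code that builds an SSDP M-SEARCH and parses a reply, so the same probe can be sent either to a single host or to the 239.255.255.250 group when inventorying UPnP on a network you administer. The header set follows UPnP Device Architecture 1.0; the function names and `SAMPLE_REPLY` are constructed for illustration.

```python
import socket

SSDP_GROUP = "239.255.255.250"  # destination quoted in the reply above
SSDP_PORT = 1900                # udp/1900, as in the original report

def build_msearch(host_header=f"{SSDP_GROUP}:{SSDP_PORT}", mx=2, st="upnp:rootdevice"):
    """Build an SSDP M-SEARCH request (UPnP Device Architecture 1.0)."""
    lines = ["M-SEARCH * HTTP/1.1", f"HOST: {host_header}",
             'MAN: "ssdp:discover"', f"MX: {mx}", f"ST: {st}", "", ""]
    return "\r\n".join(lines).encode("ascii")

def parse_response(data):
    """Return the reply headers as a dict, or None if it is not a 200 OK."""
    text = data.decode("utf-8", errors="replace")
    head, _, _ = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = lines[0].split(None, 2)
    if len(status) < 2 or not status[0].startswith("HTTP/") or status[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def discover(dest=SSDP_GROUP, timeout=3.0):
    """Send one M-SEARCH to dest (one host or the group) and collect replies."""
    found = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
        s.sendto(build_msearch(), (dest, SSDP_PORT))
        try:
            while True:  # replies arrive as unicast datagrams to this socket
                data, (addr, _port) = s.recvfrom(4096)
                headers = parse_response(data)
                if headers:
                    found[addr] = headers
        except socket.timeout:
            pass
    return found

# Constructed sample reply (documentation address, made-up device strings).
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
                b"ST: upnp:rootdevice\r\nSERVER: ExampleOS/1.0 UPnP/1.0 ExampleRouter/1.0\r\n"
                b"LOCATION: http://192.0.2.1:49152/rootDesc.xml\r\n\r\n")

if __name__ == "__main__":
    print(parse_response(SAMPLE_REPLY))
```

Calling `discover("192.0.2.1")` sends the request to one host, while `discover()` sends it to the group address; a device that answers only the second call matches the behaviour described in the reply.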

