Nmap Development mailing list archives

Re: [NSE] MS08-067 check


From: Ron <ron () skullsecurity net>
Date: Wed, 12 Nov 2008 15:51:30 -0600

Brandon Enright wrote:
My only recommendation for this script (really, the SMB library) is to
change the SMB mutex from a global one to a per-IP one.  When scanning
thousands of SMB endpoints serial checking is rather slow.  The only
potential trouble a per-IP mutex would cause is if a dual-homed Windows
machine has the unfortunate luck of being scanned simultaneously on
multiple IPs.

I sent Brandon an email off the list, but, for anybody else interested, I implemented this this morning in
svn://svn.insecure.org/nmap-exp/nmap-smb

The issue is that you can't make multiple SMB connections to the same server from the same address. That's a limitation on the Windows side. Using mutexes (mutices?) gets around that.

The SMB scripts now use the NetBIOS name, if available, to choose which mutex to use. If a name can't be pulled, it uses the IP address. The tradeoffs are:

- Systems with a matching name are assumed to be the same system (if they aren't, then boxes with matching names aren't scanned at the same time) -- this can create some minor speed loss
- Systems with multiple IPs will be handled correctly, assuming they return names. If they don't return names, then they may be scanned concurrently, which means only one will work

If you want to test this, especially if you have multi-homed systems, please do and let me know the results! I'll give it a couple days before merging it to the head.

Ron
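As an added illustration of the keying scheme described in the message above (example code written for this archive page, not Ron's nmap-smb branch), the following NSE-style Lua derives one mutex per server from the NetBIOS name when one was returned and from the IP address otherwise. The `netbios_name` parameter and the `smb_check` callback are assumptions for the example; `nmap.mutex` is the real NSE mutex API.

```lua
-- Added example, not code from the nmap-smb branch: choose one mutex per
-- SMB server so two addresses of a multi-homed Windows box are never
-- probed at the same time (Windows rejects a second SMB session from the
-- same source to the same server), while unrelated hosts run in parallel.
local nmap = require "nmap"

-- Key that identifies "one SMB server". `netbios_name` is an assumption
-- for this example: the name obtained from the NetBIOS name service, or
-- nil/"" when the host did not answer. Names are case-folded so that
-- "filesrv01" and "FILESRV01" share a lock.
local function smb_mutex_key(ip, netbios_name)
  if netbios_name and netbios_name ~= "" then
    return "SMB-name-" .. string.upper(netbios_name)
  end
  -- Fallback: per-IP lock. A multi-homed host without a name will be
  -- keyed once per address, which is exactly the "only one will work"
  -- case described in the message.
  return "SMB-ip-" .. ip
end

-- Run `fn(...)` while holding the target's SMB mutex. The lock is
-- released even if `fn` raises an error, so one failing script does not
-- block every other script waiting on the same server.
local function with_smb_lock(ip, netbios_name, fn, ...)
  local mutex = nmap.mutex(smb_mutex_key(ip, netbios_name))
  mutex("lock")
  local ok, result = pcall(fn, ...)
  mutex("done")
  if not ok then
    error(result)
  end
  return result
end

-- Usage from a script's action(host), with `smb_check` standing in for
-- whatever SMB probe the script performs (hypothetical callback):
--   local name = lookup_netbios_name(host)   -- assumed helper, may be nil
--   return with_smb_lock(host.ip, name, smb_check, host)
```

Two addresses that both report the same NetBIOS name map to the same key and are serialized; two different hosts that happen to share a name are also serialized, which is the minor speed loss the message mentions.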

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

