Nmap Development mailing list archives

Fwd: [BUG] Exclusions directive not honored by NSE version detection


From: Tom Sellers <nmap () fadedcode net>
Date: Fri, 14 May 2010 06:11:40 -0500

It doesn't look like I am going to be able to give this issue the attention
it needs any time soon so I am going to have to defer it to someone with
more time and a better understanding of some of the internal structures.

From what I can tell everything looks fine going into the script_scan(Targets)
call in nse-main.cc. At that point I *think* the exclusion flag is being
ignored.

Tom

-------- Original Message --------
Subject: [BUG] Exclusions directive not honored by NSE version detection
Date: Fri, 30 Apr 2010 17:16:59 -0500
From: Tom Sellers <nmap () fadedcode net>
To: nmap-dev <nmap-dev () insecure org>

I have recently come across a bug involving port exclusions when performing
version detection. I plan to work on finding a fix for the issue this
weekend, but I thought I would go ahead and send the info to the list now in
the event that my work was delayed or someone had an idea of exactly where
the issue lay.

Recent scanning shows that the Exclude directive in the nmap-service-probes
file is being ignored by NSE version detection if more than one port is
scanned on a host. The nmap built-in version detection skips the port, but
NSE runs version detection scripts against the port anyway.

Testing indicates:
1.  Scanning 1 port in exclude list = proper behavior
2.  Scanning 2 ports in the exclude list = proper behavior
3.  Scanning 1 or more excluded ports and 1 or more non-excluded ports =
    NSE service scan against excluded ports

I have attached a sample of a scan against two excluded open ports
(9100, 9400) and 1 normal port (80) using the --version-trace flag. Port 9400
was added to my Exclude directive for testing.

As an aside, if the Exclude values in the nmap-service-probes file are
not legal then the following error message is displayed after port
discovery:

         Ports to be scanned must be between 0 and 65535 inclusive
         QUITTING!

The error implies that the source of the problem is at the command line.
I will try to work on this as well.

Tom

Attachment: sample.txt

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
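The report above hinges on two things: how an Exclude line in nmap-service-probes is parsed, and the expectation that exclusion is decided per port regardless of how many ports were scanned. The following Python is an added illustration, not code from nmap or from Tom's message. It assumes that the Exclude directive takes the same port list syntax as nmap's -p option (ranges, comma separation, and T:/U: prefixes that stay in effect for the elements that follow them), and it models the three test cases from the report as a pure membership check, so the mixed case behaves like the two excluded-only cases. Its range error names the directive, which avoids the ambiguity Tom points out in nmap's own "Ports to be scanned must be between 0 and 65535 inclusive" message. The sample probes text and port lists are constructed.

```python
import re

PORT_MAX = 65535


def parse_port_spec(spec):
    """Parse an nmap-style port list such as 'T:9100-9107,T:9400,U:9100'.

    Returns a set of (protocol, port) tuples. Assumption: as with nmap's -p
    syntax, a 'T:' or 'U:' prefix applies to every following element until
    another prefix appears; elements with no prefix at all default to TCP.
    """
    ports = set()
    proto = "T"
    for element in spec.split(","):
        element = element.strip()
        if not element:
            continue
        m = re.fullmatch(r"(?:([TU]):)?(\d+)(?:-(\d+))?", element)
        if not m:
            raise ValueError(f"Exclude directive: cannot parse {element!r}")
        if m.group(1):
            proto = m.group(1)
        low = int(m.group(2))
        high = int(m.group(3)) if m.group(3) else low
        # Same 0..65535 rule nmap enforces, but the message names the source
        # so a bad Exclude line is not mistaken for a bad command line.
        if not (0 <= low <= high <= PORT_MAX):
            raise ValueError(
                f"Exclude directive: ports must be between 0 and {PORT_MAX} "
                f"inclusive, got {element!r}")
        ports.update((proto, port) for port in range(low, high + 1))
    return ports


def load_exclude_directives(probes_text):
    """Collect every 'Exclude' line from nmap-service-probes style text."""
    excluded = set()
    for line in probes_text.splitlines():
        line = line.strip()
        if line.startswith("Exclude "):
            excluded |= parse_port_spec(line[len("Exclude "):])
    return excluded


def plan_service_scan(open_ports, excluded):
    """Split open ports into those version detection (and NSE version
    scripts) should probe and those the Exclude directive removes.

    The split depends only on membership, never on how many ports were
    scanned, which is the behaviour the bug report expects in all three
    of its test cases.
    """
    probe = [p for p in open_ports if p not in excluded]
    skip = [p for p in open_ports if p in excluded]
    return probe, skip


# Constructed excerpt (not the real file): the usual printer range plus the
# 9400 entry the report added for testing.
SAMPLE_PROBES = """\
# constructed nmap-service-probes excerpt
Exclude T:9100-9107,T:9400
"""

if __name__ == "__main__":
    excluded = load_exclude_directives(SAMPLE_PROBES)
    # The report's third case: excluded 9100 and 9400 mixed with normal 80.
    probe, skip = plan_service_scan(
        [("T", 80), ("T", 9100), ("T", 9400)], excluded)
    print("probe:", probe)
    print("skip: ", skip)
```

Running the block prints only port 80 under "probe" and both 9100 and 9400 under "skip", which is what the built-in version detection already did in the report and what NSE should have done as well.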