Nmap Development mailing list archives
Possible bug in ./scripts/stun-version.nse script
From: "Szucs, Laszlo (NSN - HU/Budapest)" <laszlo.szucs () nsn com>
Date: Fri, 10 Aug 2012 16:12:54 +0300
Hi Nmap developers! We noticed a strange behaviour of nmap since version 6.00 (6.01 is also affected). We were using nmap on windows7 OS. When we have a target, where all UDP ports are filtered and we port scan it with version detection enabled, it will report udp port 3478 open. Without version detection it is found open|filtered with a reason no-response. (which is the correct expected result) We suspect that the error is in stun-version.nse script. (some other stun-related scripts may be affected as well, like stun-info.nse) According to changelog, stun NSE scripts were added to 6.0, so it is highly probably that there is some mistake. http://nmap.org/svn/scripts/stun-version.nse Keep up the good work! Best regards, Laszlo Szucs Here is our result why we think the error is in that script: Port scan without version detection: $ nmap -sU --reason -p 3478 *.*.*.* Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-10 14:00 ope Nmap scan report for **** (*.*.*.*) Host is up, received echo-reply (0.12s latency). PORT STATE SERVICE REASON 3478/udp open|filtered unknown no-response Nmap done: 1 IP address (1 host up) scanned in 2.23 seconds Port scan with version detection: $ nmap -sUV --reason -p 3478 *.*.*.* Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-10 12:26 ope Nmap scan report for **** (*.*.*.*) Host is up, received echo-reply (0.062s latency). PORT STATE SERVICE REASON VERSION 3478/udp open stun script-set Service detection performed. Please report any incorrect results at http://nmap. org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 95.39 seconds Then I removed stun-version.nse from scripts folder (disabled it :-)) and re-run the scan: $ nmap -sUV --reason -p 3478 *.*.*.* Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-10 13:32 ope NSE: Warning: Could not load 'stun-version.nse': no path to file/directory: stun -version.nse Stats: 0:01:15 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan Service scan Timing: About 0.00% done Packet Tracing disabled. Nmap scan report for **** (*.*.*.*) Host is up, received echo-reply (0.062s latency). PORT STATE SERVICE REASON VERSION 3478/udp open|filtered unknown no-response Service detection performed. Please report any incorrect results at http://nmap. org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 85.27 seconds -- end of message -- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Possible bug in ./scripts/stun-version.nse script Szucs, Laszlo (NSN - HU/Budapest) (Aug 11)
- Re: Possible bug in ./scripts/stun-version.nse script Patrik Karlsson (Aug 11)