Nmap Development mailing list archives

Re: Possible bug in ./scripts/stun-version.nse script


From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 11 Aug 2012 22:18:45 +0200

On Fri, Aug 10, 2012 at 3:12 PM, Szucs, Laszlo (NSN - HU/Budapest) <laszlo.szucs () nsn com> wrote:

Hi Nmap developers!
We noticed a strange behaviour of nmap since version 6.00 (6.01 is also
affected). We were using nmap on Windows 7 OS.
When we have a target, where all UDP ports are filtered and we port scan
it with version detection enabled, it will report udp port 3478 open.
Without version detection it is found open|filtered with a reason
no-response. (which is the correct expected result)
We suspect that the error is in stun-version.nse script. (some other
stun-related scripts may be affected as well, like stun-info.nse)
According to the changelog, stun NSE scripts were added to 6.0, so it is
highly probable that there is some mistake.
http://nmap.org/svn/scripts/stun-version.nse
Keep up the good work!
Best regards,
Laszlo Szucs
Here is our result why we think the error is in that script:
Port scan without version detection:
$ nmap -sU --reason -p 3478 *.*.*.*

Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-10 14:00 ope
Nmap scan report for **** (*.*.*.*)
Host is up, received echo-reply (0.12s latency).
PORT     STATE         SERVICE REASON
3478/udp open|filtered unknown no-response

Nmap done: 1 IP address (1 host up) scanned in 2.23 seconds

Port scan with version detection:

$ nmap -sUV --reason -p 3478 *.*.*.*

Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-10 12:26 ope
Nmap scan report for **** (*.*.*.*)
Host is up, received echo-reply (0.062s latency).
PORT     STATE SERVICE REASON     VERSION
3478/udp open  stun    script-set

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 95.39 seconds

Then I removed stun-version.nse from scripts folder (disabled it :-))
and re-run the scan:

$ nmap -sUV --reason -p 3478 *.*.*.*

Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-10 13:32 ope
NSE: Warning: Could not load 'stun-version.nse': no path to file/directory: stun-version.nse
Stats: 0:01:15 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 0.00% done
Packet Tracing disabled.
Nmap scan report for **** (*.*.*.*)
Host is up, received echo-reply (0.062s latency).
PORT     STATE         SERVICE REASON      VERSION
3478/udp open|filtered unknown no-response

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 85.27 seconds

-- end of message --
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Thanks for reporting this! It was recently reported by another user and has
been corrected in the SVN version of Nmap.

//Patrik

-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
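
A check for the symptom reported in this thread, as an added example that is not part of the original messages or of Nmap: it compares the port table of a plain `-sU --reason` scan with that of a `-sUV --reason` scan and lists ports that went from `open|filtered` / `no-response` to `open` with reason `script-set`. The function names are hypothetical; the sample tables are the port-table rows from the report above.

```python
import re

# One row of the port table Nmap prints with --reason, e.g.
# "3478/udp open|filtered unknown no-response" (VERSION column optional).
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

def parse_ports(output):
    """Return {(port, proto): (state, service, reason, version)}."""
    ports = {}
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            port, proto, state, service, reason, version = m.groups()
            ports[(int(port), proto)] = (state, service, reason, version or "")
    return ports

def script_promoted(plain, versioned):
    """Ports left at open|filtered/no-response by the plain scan that the
    version-detection run reports as open with reason script-set."""
    base, ver = parse_ports(plain), parse_ports(versioned)
    flagged = []
    for key, (state, _service, reason, _version) in sorted(ver.items()):
        before = base.get(key)
        if (before and before[0] == "open|filtered" and before[2] == "no-response"
                and state == "open" and reason == "script-set"):
            flagged.append(key)
    return flagged

# Port-table rows taken from the three scans in the report.
PLAIN = """PORT     STATE         SERVICE REASON
3478/udp open|filtered unknown no-response"""
VERSIONED = """PORT     STATE SERVICE REASON     VERSION
3478/udp open  stun    script-set"""
WITHOUT_SCRIPT = """PORT     STATE         SERVICE REASON      VERSION
3478/udp open|filtered unknown no-response"""

if __name__ == "__main__":
    # The -sUV run with stun-version.nse present is the only one flagged.
    print(script_promoted(PLAIN, VERSIONED))
    print(script_promoted(PLAIN, WITHOUT_SCRIPT))
```

A port flagged this way got no reply to the plain UDP probe, so its `open` state comes from a script rather than from the port scan itself and is worth confirming by hand.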