Nmap Development mailing list archives

RE: Bug in nmap parallel resolver (dns) on Windows


From: "Frazier, Kenneth B" <kenneth.b.frazier () spiritaero com>
Date: Mon, 4 Mar 2013 08:52:59 -0600

Thank you, and yes this looks like a reasonable approach for properly
enumerating valid interfaces.

Ken Frazier

-----Original Message-----
From: David Fifield [mailto:david () bamsoftware com] 
Sent: Monday, March 04, 2013 1:03 AM
To: Frazier, Kenneth B
Cc: dev () nmap org
Subject: Re: Bug in nmap parallel resolver (dns) on Windows

On Wed, Feb 06, 2013 at 03:20:49PM -0600, Frazier, Kenneth B wrote:
> I've found an issue while running both nmap 6.01 and 6.25 where the
> parallel resolver function is attempting to reverse lookup IP
> addresses using DNS servers that were last assigned to an
> adapter/network interface that is no longer active. For example, if I
> have an Ethernet port, a wireless port, and a USB port, if any of them
> are disabled or disconnected but have been previously connected to a
> network, the Windows registry maintains the adapter's last DHCP
> assigned DNS servers, and parallel resolution will attempt to send
> queries to those addresses. If I force the use of -system-dns, nmap
> does not generate these [invalid] reverse lookups.
>
> I am capturing this activity via Wireshark. I noticed the behavior
> when trying to troubleshoot a problem with scans that started taking
> too long, shortly after connecting to a new network interface
> (temporarily).
>
> I am running Windows 7 SP1 X64, and am only using the IPv4 stack.
> IPv6 has been disabled.

Thanks for this report. I have attached a patch that causes Nmap to
ignore name servers from interfaces that it is not able to use.

Without this patch, I get the following:

mass_rdns: Using DNS server 10.0.2.3
mass_rdns: Using DNS server 10.0.3.2
mass_rdns: Using DNS server 192.168.0.21
mass_rdns: Using DNS server 192.168.0.1

I don't know where some of those name servers come from. They may be
things that I configured in the past while testing something. With the
patch, I get:

Interface {2E22965B-93E9-4776-AFE3-33DF46B71C0A} is not known; ignoring its nameservers.
Interface {4D9BCAE6-74A0-4E57-9946-8DB316C5C5D6} is not known; ignoring its nameservers.
mass_rdns: Using DNS server 192.168.0.21
Interface {9CC9EAA1-8266-4BD3-A26A-297F9EF4E3BC} is not known; ignoring its nameservers.

This matches my configuration in the networking control panel.

Does this patch look reasonable?

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
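
The filtering discussed in this thread, sketched as an added C++ example; it is not the attached patch or Nmap's own code. Assumptions: each per-interface registry key is modelled by the hypothetical `IfaceDns` struct with a static `NameServer` and a `DhcpNameServer` string, the pairing of GUIDs to addresses in the sample data is constructed, and `{ACTIVE-IFACE-GUID-PLACEHOLDER}` stands in for the one usable interface.

```cpp
#include <set>
#include <string>
#include <vector>

// Stand-in for one per-interface registry key (hypothetical struct).
struct IfaceDns {
    std::string guid;              // subkey name, e.g. "{...}"
    std::string name_server;       // static setting, may be empty
    std::string dhcp_name_server;  // last DHCP lease; persists after disconnect
};

// Registry DNS lists are separated by spaces or commas.
static std::vector<std::string> split_servers(const std::string &value) {
    std::vector<std::string> out;
    std::string cur;
    for (char c : value + " ") {       // trailing separator flushes last token
        if (c != ' ' && c != ',') { cur += c; continue; }
        if (!cur.empty()) out.push_back(cur);
        cur.clear();
    }
    return out;
}

// Keep servers only from interfaces in `usable`; record skipped GUIDs.
std::vector<std::string> select_dns_servers(const std::vector<IfaceDns> &entries,
                                            const std::set<std::string> &usable,
                                            std::vector<std::string> &ignored) {
    std::vector<std::string> servers;
    std::set<std::string> seen;
    for (const IfaceDns &e : entries) {
        if (usable.count(e.guid) == 0) { ignored.push_back(e.guid); continue; }
        // Assumption: a static NameServer value overrides the DHCP one.
        const std::string &v = e.name_server.empty() ? e.dhcp_name_server : e.name_server;
        for (const std::string &s : split_servers(v))
            if (seen.insert(s).second) servers.push_back(s);
    }
    return servers;
}

// Constructed sample: GUIDs and addresses are from the thread, but which
// address belongs to which GUID is invented for illustration.
std::vector<IfaceDns> constructed_entries() {
    return {
        {"{2E22965B-93E9-4776-AFE3-33DF46B71C0A}", "", "10.0.2.3"},
        {"{4D9BCAE6-74A0-4E57-9946-8DB316C5C5D6}", "", "10.0.3.2"},
        {"{ACTIVE-IFACE-GUID-PLACEHOLDER}", "", "192.168.0.21"},
        {"{9CC9EAA1-8266-4BD3-A26A-297F9EF4E3BC}", "192.168.0.1", ""},
    };
}
```

Passing every GUID in `usable` reproduces the unfiltered behaviour, where all four servers would receive reverse-lookup queries.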

