Nmap Development mailing list archives
Re: NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu 12.04LTS)
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 5 Sep 2013 08:04:05 -0500
I can replicate the behavior on Ubuntu 12.04 against www.itslearning.com. I've created pastes with debugging output from 2 versions of Nmap:

* http://pastebin.com/HqFCcYai - Nmap 6.41SVN with -d4
* http://pastebin.com/bCfdqFh3 - Nmap 6.02 with -d3

I also ran a scan without the NSE script immediately followed by openssl s_client, which was able to connect with no timeout.

Dan

On Wed, Sep 4, 2013 at 3:47 PM, Nmap User1 <nmapuser1 () gmail com> wrote:
> Hello,
>
> I've been observing some odd nmap behavior lately when it comes to scanning SSL services, typically HTTPS, under Ubuntu 12.04 LTS.
>
> In summary, nmap under Ubuntu 12.04 LTS is often unable to complete a SSL scan due to an apparent timeout issue. Nmap does not behave this way with all HTTPS services, only some, around 5% from my observations. Additionally, this behavior is only exhibited under Ubuntu 12.04 LTS and not 10.04 LTS. Nmap versions 6.25, 6.40, and 6.41 all demonstrate the same behavior. Additionally, I've recompiled nmap to use the same version of OpenSSL on both versions of Ubuntu with no change in behavior.
>
> Randomly selected hosts (from Google):
>
> * www.bwin.com
> * home.eease.com
> * www.itslearning.com
>
> For example, on any of the above hosts (sudo nmap -v -sS -Pn -p 443 --script=ssl-cert <host>):
>
> * Scanning port 443 with nmap v6.41 under Ubuntu 10.04 LTS, takes 1 second and correctly displays the ssl-certificate information.
> * Scanning port 443 with nmap v6.41 under Ubuntu 12.04 LTS, takes 30 seconds and is unable to negotiate the SSL connection during NSE. According to the debug logs, it appears to be timing out: "NSOCK INFO [30.4340s] nsock_trace_handler_callback(): Callback: SSL-CONNECT TIMEOUT for EID 9".
>
> I have verified this behavior on numerous installations of Ubuntu 12.04 LTS.
>
> Thoughts? Can anyone else replicate this behavior (with the above random hosts or otherwise)?
>
> Thanks!
>
> _______________________________________________
> Sent through the dev mailing list
> http://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
Current thread:
- NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu 12.04LTS) Nmap User1 (Sep 04)
- Re: NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu 12.04LTS) Daniel Miller (Sep 05)
- Re: NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu 12.04LTS) Henri Doreau (Sep 05)
- RE: NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu 12.04LTS) Nmap User1 (Sep 06)
- Re: NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu 12.04LTS) Henri Doreau (Sep 05)
- Re: NMap Behavior Differences (HTTPS + Ubuntu 10.04LTS & Ubuntu 12.04LTS) Daniel Miller (Sep 05)