Re: [Bulk] Re: [RFC] Crazy idea for deferring hosts in progress to a later hostgroup

[Gisle Vanem <gvanem () yahoo no>]

David Fifield wrote:

> No targets are considered slow. (No targets are deferred.) That's what
> we have now. Slow targets block the flow and prevent other targets from
> starting.

Speaking of "slow", the http-slowloris-check.nse script seems to have
an issue. I know next to nothing about LUA, but on this command:
 nmap -p80 -P0 -sT --script=http-slowloris-check.nse 93.184.219.29
 (scam-site at www.ibmoffice.webeden.co.uk)

results in this:

NSE Timing: About 0.00% done
NSE: http-slowloris-check against 93.184.219.29:80 threw an error!
EOF
stack traceback:
        [C]: in function 'try'
        f:\MingW32\src\inet\nmap/scripts\http-slowloris-check.nse:116: in
  function <f:\MingW32\src\inet\nmap/scripts\http-slowloris-check.nse:107>

NSE Timing: About 33.33% done; ETC: 12:47 (0:03:02 remaining)
NSE: http-slowloris-check against 93.184.219.29:80 threw an error!
EOF
stack traceback:
        [C]: in function 'try'
        f:\MingW32\src\inet\nmap/scripts\http-slowloris-check.nse:135: in function
  <f:\MingW32\src\inet\nmap/scripts\http-slowloris-check.nse:124>

NSE: [http-slowloris-check 93.184.219.29:80] Time difference is: 10

...

Nmap scan report for 93.184.219.29
Host is up, received user-set (0.047s latency).
Scanned at 2015-04-05 12:43:10 CET for 101s
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE

--------

Not sure what happens. But since I get a "LIKELY" result,
I assume the script-error is not important. Or maybe this
is a false positive? Can someone try the above command on
Linux?

--
--gv
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/