Vulnerability Development mailing list archives

DOS on inetd w/ nmap


From: shawn.a.clifford () LMCO COM (Clifford, Shawn A)
Date: Mon, 24 Apr 2000 09:45:23 -0400


Hi All,

The problem is that inetd will abort when too many connections are made.
This is an old problem that appears to still be a problem even on some newer
OSes, specifically IRIX (*all* 6.2-6.5, others?), some HP-UX (B.10.20, but
only on some machines... dunno why), and of course old SunOS 4.1.3/4.1.4
machines (only some!).  You must then log on at the console (unless you had
a remote window open to the machine prior to inetd exiting) and either
restart inetd or reboot the machine.

I was fiddling with the 'httpd_scan.pl' script that I posted a while back,
which is predicated on NetCat for the port scanning and for sending http
GETs to possible servers, when I thought I would substitute 'nmap' for 'nc'
in my script.

Nmap is about 4 times faster, as it turns out, for doing port scans, but it
has this nasty side-effect.  It also seems to be sending data, as it not
only crashes inetd on IRIX, but it also crashes some service called
'sgi_fam' with an enormous amount of data.

/var/adm/SYSLOG entry:
Apr   5 18:30:43 3D:node famd: fd 10 message length 1212498244 bytes exceeds max of 1064.

What's doubly annoying about this is that nmap is such a good tool,
otherwise, and is being promoted by SANS as a tool of choice.  Clearly
crashing inetd isn't very subtle.  Perhaps there is a way to make nmap
"low-and-slow"?

Although netcat is much slower, and doesn't have the fingerprinting
capability of nmap, I will have to keep using 'nc' for my Web server scans.

Regards,
-- Shawn
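
A triage aid for the famd entry quoted above, added here as an example and not part of the original post: when a length-prefixed service logs an implausibly large message length, reinterpreting that number as raw bytes can show what kind of traffic reached the port. The sketch assumes famd reads a 4-byte big-endian length field (an assumption, not stated in the post); the second log line is constructed for contrast.

```python
import re
import struct

# First line is the SYSLOG entry from the post, rejoined onto one line.
# Second line is constructed sample data.
SAMPLE_LOG = [
    "Apr   5 18:30:43 3D:node famd: fd 10 message length 1212498244 "
    "bytes exceeds max of 1064.",
    "Apr   5 18:31:02 3D:node famd: fd 11 message length 4096 "
    "bytes exceeds max of 1064.",
]

LENGTH_RE = re.compile(
    r"famd: fd (\d+) message length (\d+) bytes exceeds max of (\d+)"
)


def length_as_text(length):
    """Return the 4 bytes of a 32-bit big-endian length as ASCII text,
    or None if any byte is not printable.
    Assumption: the length prefix is 4 bytes in network byte order."""
    if not 0 <= length <= 0xFFFFFFFF:
        return None
    raw = struct.pack(">I", length)
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def triage(lines):
    """Return (fd, length, decoded_text_or_None) per oversized-length entry."""
    results = []
    for line in lines:
        m = LENGTH_RE.search(line)
        if not m:
            continue
        fd, length = int(m.group(1)), int(m.group(2))
        results.append((fd, length, length_as_text(length)))
    return results


if __name__ == "__main__":
    for fd, length, text in triage(SAMPLE_LOG):
        note = f"printable text {text!r}" if text else "not printable ASCII"
        print(f"fd {fd}: length {length} (0x{length:08x}) -> {note}")
```

The value in the post, 1212498244, is 0x48454144, which decodes to the ASCII bytes `HEAD`; that is consistent with the port having received the start of an HTTP request line and parsed it as a length.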

