Vulnerability Development mailing list archives
Re: DOS on inetd w/ nmap
From: dufresne () WINTERNET COM (Ron DuFresne)
Date: Tue, 25 Apr 2000 17:46:58 -0500
I'm looking now and finding the most current beta is Nmap 2.30BETA21, newer even than the 2.3BETA5 over here played with most recently. This version on our end reports none of the newer -T flaggettes either.

Thanks,

Ron DuFresne

On Tue, 25 Apr 2000, Clifford, Shawn A wrote:

> I have nmap version 2.12 (the latest stable version), and 'nmap -h' doesn't show me those options for -T. To be fair, I didn't read through the man page for nmap in any detail before launching my scans. I did try variations of -sT, -sS, -sN, -P0, etc., along with -p 1- to scan all ports.
>
> I can try again against a test SGI with some of the options you mention, but it sounds like I will need to get a beta version of nmap. Also, will this make connections without sending data, or simply slow the rate of connections? For that matter, if I slow the connection rate down so that it doesn't crash inetd, then I might as well use netcat.
>
> There are 2 components, as I see it, that crash SGIs:
>
> 1) Too many connections to inetd in a short amount of time
> 2) Sending too much data to a service being "scanned". NetCat has -z option, which is for "zero-I/O mode [used for scanning]"
>
> In any event, the purpose of my post wasn't really to find out how to use nmap, but to point out that:
>
> a) inetd is still very susceptible to DoS on a lot of machines (I crashed about 20-30 machines), and
> b) if used in what I consider to be the obvious manner, nmap is about as stealthy as a sledge hammer. Although I'm using it to legitimately scan for Web servers, not for covert scans, some of you may care about the rather huge signature.
>
> I'll see if I can find a way to scan SGIs with nmap w/o crashing them and still maintain the performance advantage, and will report my findings to the list.
>
> -- Shawn
>
> > > Nmap is about 4 times faster, as it turns out, for doing port scans, but it has this nasty side-effect. It also seems to be sending data, as it not only crashes inetd on IRIX, but it also crashes some service called 'sgi_fam' with an enormous amount of data.
> >
> > nmap -h:
> > --cut---
> > -T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
> > --cut---
> >
> > won't this help? Am I missing the point?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.
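Added example, not part of the original thread or any poster's code: a sliding-window check over connection records that surfaces the two signals the quoted message describes, many connections from one source in a short time and a wide spread of destination ports. The record layout, addresses and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample records: (milliseconds, source address, destination port).
# 192.0.2.10 opens 200 connections 10 ms apart, one per port;
# 192.0.2.20 is an ordinary client making three connections.
SAMPLE = [(i * 10, "192.0.2.10", 1 + i) for i in range(200)]
SAMPLE += [(500, "192.0.2.20", 80), (1500, "192.0.2.20", 80), (2500, "192.0.2.20", 23)]
SAMPLE.sort()

def find_sweeps(records, window_ms=1000, max_conns=50, max_ports=20):
    """Return {source: (peak connections, peak distinct ports)} for every
    source that exceeds either threshold inside any window_ms span.
    Records must be sorted by timestamp."""
    recent = defaultdict(deque)   # source -> recent (timestamp, port) pairs
    flagged = {}
    for ts, src, port in records:
        q = recent[src]
        q.append((ts, port))
        # Drop entries that have aged out of the window.
        while ts - q[0][0] > window_ms:
            q.popleft()
        conns = len(q)
        ports = len({p for _, p in q})
        if conns > max_conns or ports > max_ports:
            peak = flagged.get(src, (0, 0))
            flagged[src] = (max(peak[0], conns), max(peak[1], ports))
    return flagged

if __name__ == "__main__":
    for src, (conns, ports) in find_sweeps(SAMPLE).items():
        print(f"{src}: up to {conns} connections to {ports} ports in 1 s")
```
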