Nmap Development mailing list archives
Re: Suspect that --host-timeout is not working in 4.50?
From: doug () hcsw org
Date: Fri, 21 Dec 2007 14:04:00 -0800
On Thu, Dec 20, 2007 at 10:44:42PM -0800 or thereabouts, Fyodor wrote:
> Each host has a clock you'll see if you look at how it is done in the other parts of Nmap.
Of course you're right about this. The moral: don't send late-night patches without thinking them through. :)

How about the attached patch? I think it should do what we want. It starts the host clocks as soon as NSE puts them into waiting_scripts and stops them as soon as it calls process_finalize() on the last script associated with that host. In nse_mainloop() it checks each script to see if its target has timedOut() and, if so, terminates the script with a LUA_ERRRUN (maybe there is a better error code that can be used, I dunno??).

Here is an annotated example run:

[Running it with a hostgroup of 1. Using a timeout of 6.3 seconds because version detection against (most) webservers takes at least 6 seconds, because that is how long it takes for the NULL probe to time out]

$ ./nmap -v -P0 --host-timeout 6300 --max-hostgroup 1 -n --script=showHTMLTitle.nse -sV -p 80 192.168.123.1 google.com
host-timeout is given in milliseconds, so you specified less than 15 seconds (6300ms). This is allowed but not recommended.

Starting Nmap 4.50 ( http://insecure.org ) at 2007-12-21 13:48 PST
Warning: Hostname google.com resolves to 3 IPs. Using 64.233.167.99.
Initiating Connect Scan at 13:48
Scanning 192.168.123.1 [1 port]
Discovered open port 80/tcp on 192.168.123.1
Completed Connect Scan at 13:48, 0.00s elapsed (1 total ports)
Initiating Service scan at 13:48
Scanning 1 service on 192.168.123.1
Completed Service scan at 13:49, 6.00s elapsed (1 service on 1 host)
SCRIPT ENGINE: Initiating script scanning.
Initiating SCRIPT ENGINE at 13:49
Completed SCRIPT ENGINE at 13:49, 0.00s elapsed
Host 192.168.123.1 appears to be up ... good.
Interesting ports on 192.168.123.1:
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 1.3.29 ((Unix) mod_ssl/2.8.16 OpenSSL/0.9.7g)
|_ HTML title: Site doesn't have a title.

[Since this box was on my local network, -sV took almost exactly 6 seconds, which left more than enough time to run the script]

[On to the second hostgroup...]

Initiating Connect Scan at 13:49
Scanning 64.233.167.99 [1 port]
Discovered open port 80/tcp on 64.233.167.99
Completed Connect Scan at 13:49, 0.08s elapsed (1 total ports)
Initiating Service scan at 13:49
Scanning 1 service on 64.233.167.99
Completed Service scan at 13:49, 6.27s elapsed (1 host timed out)
SCRIPT ENGINE: Initiating script scanning.
Initiating SCRIPT ENGINE at 13:49
Completed SCRIPT ENGINE at 13:49, 0.00s elapsed
Host 64.233.167.99 appears to be up ... good.
Skipping host 64.233.167.99 due to host timeout

[google.com is NOT on my local network though, so the version detection times the host out. When -sC is run, it times the host out immediately because its clock has run out]

Nmap done: 2 IP addresses (2 hosts up) scanned in 12.814 seconds

Here is another example:

[Running full script scan against google.com, but it takes longer than 10s so it is timed out]

$ ./nmap -v -n -sC google.com --host-timeout 10s -p 80
host-timeout is given in milliseconds, so you specified less than 15 seconds (10000ms). This is allowed but not recommended.

Starting Nmap 4.50 ( http://insecure.org ) at 2007-12-21 14:02 PST
Warning: Hostname google.com resolves to 3 IPs. Using 64.233.167.99.
Initiating Ping Scan at 14:02
Scanning 64.233.167.99 [1 port]
Completed Ping Scan at 14:02, 0.08s elapsed (1 total hosts)
Initiating Connect Scan at 14:02
Scanning 64.233.167.99 [1 port]
Discovered open port 80/tcp on 64.233.167.99
Completed Connect Scan at 14:02, 0.09s elapsed (1 total ports)
SCRIPT ENGINE: Initiating script scanning.
Initiating SCRIPT ENGINE at 14:02
Completed SCRIPT ENGINE at 14:02, 10.21s elapsed
Host 64.233.167.99 appears to be up ... good.
Skipping host 64.233.167.99 due to host timeout
Read data files from: .
Nmap done: 1 IP address (1 host up) scanned in 10.568 seconds

The only thing I'm not sure about is if NSE will run through process_mainloop() often enough to enforce really accurate host timeouts. In any case, it seems to work as well as it does in version detection.

Best,
Doug
Attachment: nmap-host-timeout-support-for-nse.patch
Attachment: signature.asc
Description: Digital signature
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
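The scheduling described in the message above, as an added example that is neither Doug's patch nor Nmap code: a toy model in which Python generators stand in for NSE's Lua coroutines (a script yields the number of milliseconds it will block on I/O), a fake clock replaces the wall clock so the run is reproducible, and run_scripts() plays the part of nse_mainloop, starting a host's cumulative clock when its scripts are queued, stopping it when the last of them is finalized, and checking timedOut() before every resume. The inputs are constructed to mirror the two runs in the mail (6300 ms budget partly used up by -sV; 10 s budget with a script that would take longer). The cap_wait_at_deadline switch goes beyond the patch: it is this example's own answer to the accuracy worry in the last paragraph, capping the loop's sleep at the nearest host deadline so a timeout is enforced on time rather than only when some script happens to wake.

```python
# Added example (not Nmap code): per-host timeouts in an NSE-style scheduler.
# All times are integer milliseconds, the unit --host-timeout uses.
from __future__ import annotations
from dataclasses import dataclass
from typing import Generator, Optional

HOST_TIMEOUT_ERROR = "host timed out"   # stand-in for the LUA_ERRRUN the patch raises


class FakeClock:
    """Deterministic clock so the run is reproducible offline."""
    def __init__(self) -> None:
        self.now = 0

    def __call__(self) -> int:
        return self.now

    def advance_to(self, t: int) -> None:
        self.now = max(self.now, t)      # time never runs backwards


@dataclass
class Target:
    """One scanned host with a cumulative clock that is started/stopped per phase."""
    addr: str
    host_timeout: int                    # ms; 0 means unlimited
    clock: FakeClock
    running_since: Optional[int] = None
    accumulated: int = 0                 # ms already spent in earlier phases
    scripts_left: int = 0

    def start_clock(self) -> None:
        if self.running_since is None:
            self.running_since = self.clock()

    def stop_clock(self) -> None:
        if self.running_since is not None:
            self.accumulated += self.clock() - self.running_since
            self.running_since = None

    def elapsed(self) -> int:
        running = 0 if self.running_since is None else self.clock() - self.running_since
        return self.accumulated + running

    def timed_out(self) -> bool:
        return self.host_timeout > 0 and self.elapsed() >= self.host_timeout

    def deadline(self) -> Optional[int]:
        """Absolute time at which the budget runs out, while the clock is running."""
        if self.host_timeout <= 0 or self.running_since is None:
            return None
        return self.running_since + self.host_timeout - self.accumulated


@dataclass
class Script:
    name: str
    target: Target
    body: Generator[int, None, str]      # yields ms of I/O wait, returns its output
    wake_at: int = 0


def run_scripts(scripts: list[Script], clock: FakeClock,
                cap_wait_at_deadline: bool = True) -> dict[tuple[str, str], tuple[str, str]]:
    """Round-robin the scripts until each finishes or its host times out."""
    results: dict[tuple[str, str], tuple[str, str]] = {}
    for s in scripts:                    # host enters waiting_scripts: its clock starts
        s.target.scripts_left += 1
        s.target.start_clock()
        s.wake_at = clock()

    def finalize(s: Script, status: str, detail: str) -> None:
        results[(s.target.addr, s.name)] = (status, detail)
        s.target.scripts_left -= 1
        if s.target.scripts_left == 0:   # last script for this host: clock stops
            s.target.stop_clock()

    waiting = list(scripts)
    while waiting:
        # Sleep until the earliest wake-up; optionally also cap the sleep at the
        # nearest host deadline so the timeout does not wait for a script to wake.
        wake_times = [s.wake_at for s in waiting]
        if cap_wait_at_deadline:
            wake_times += [d for d in (s.target.deadline() for s in waiting) if d is not None]
        clock.advance_to(min(wake_times))
        for s in list(waiting):
            if s.target.timed_out():     # checked before every resume, as in the patch
                waiting.remove(s)
                finalize(s, "error", HOST_TIMEOUT_ERROR)
            elif s.wake_at <= clock():
                try:
                    s.wake_at = clock() + next(s.body)
                except StopIteration as done:
                    waiting.remove(s)
                    finalize(s, "ok", done.value)
    return results


def round_trips(n: int, rtt_ms: int, answer: str) -> Generator[int, None, str]:
    """A script doing n request/response exchanges of rtt_ms each (constructed)."""
    for _ in range(n):
        yield rtt_ms
    return answer


def scenario(cap_wait_at_deadline: bool = True):
    """Constructed inputs mirroring the two runs in the mail."""
    clock = FakeClock()
    lan = Target("192.168.123.1", 6300, clock)
    far = Target("64.233.167.99", 6300, clock)
    web = Target("64.233.167.99", 10000, clock)   # the -sC-only run
    lan.accumulated, far.accumulated = 6000, 6350  # pretend -sV already used this much
    scripts = [
        Script("html-title", lan, round_trips(1, 100, "Site doesn't have a title.")),
        Script("http-headers", lan, round_trips(2, 50, "Server: Apache")),
        Script("html-title", far, round_trips(1, 100, "Google")),
        Script("default-scripts", web, round_trips(1, 12000, "Google")),
    ]
    return run_scripts(scripts, clock, cap_wait_at_deadline), (lan, far, web)


if __name__ == "__main__":
    results, targets = scenario()
    for (addr, name), (status, detail) in sorted(results.items()):
        print(f"{addr} {name}: {status} ({detail})")
    for t in targets:
        print(f"{t.addr}: {t.elapsed()} ms of {t.host_timeout} ms budget used")
```

Running scenario() with the cap disabled shows the granularity problem: the 10 s host is only declared timed out when its script wakes at 12 s, because nothing in the loop looks at the host clocks in between.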
Current thread:
- Suspect that --host-timeout is not working in 4.50? Randolph Reitz (Dec 14)
- Re: Suspect that --host-timeout is not working in 4.50? jah (Dec 14)
- Re: Suspect that --host-timeout is not working in 4.50? Randolph Reitz (Dec 15)
- Re: Suspect that --host-timeout is not working in 4.50? jah (Dec 15)
- Re: Suspect that --host-timeout is not working in 4.50? Randolph Reitz (Dec 16)
- Re: Suspect that --host-timeout is not working in 4.50? jah (Dec 20)
- Re: Suspect that --host-timeout is not working in 4.50? Fyodor (Dec 20)
- Re: Suspect that --host-timeout is not working in 4.50? doug (Dec 20)
- Re: Suspect that --host-timeout is not working in 4.50? Fyodor (Dec 20)
- Re: Suspect that --host-timeout is not working in 4.50? Fyodor (Dec 20)
- Re: Suspect that --host-timeout is not working in 4.50? doug (Dec 21)
- Re: Suspect that --host-timeout is not working in 4.50? Fyodor (Dec 21)
- Re: Suspect that --host-timeout is not working in 4.50? Randolph Reitz (Dec 15)
- Re: Suspect that --host-timeout is not working in 4.50? doug (Dec 20)
- Re: Suspect that --host-timeout is not working in 4.50? jah (Dec 14)