Nmap Development mailing list archives

Re: Fw: nmap bug (Strange connect error 10049)


From: David Fifield <david () bamsoftware com>
Date: Wed, 14 Jan 2009 13:19:12 -0700

On Tue, Dec 09, 2008 at 06:11:50PM +0800, james23 wrote:
> I scan the internet but it always crashes with the next command
> nmap -v -PN -sV --version-all 203.65.42.255 -p T:25,53,80,443,8080,1863,8000

I see the same error with the same command.

I found a bunch of other reports of what seems to be an identical error:

"Re: Nmap Strange Read Error (Anyone Seen this Before?)"
http://seclists.org/pen-test/2005/Sep/0093.html
"Re: Windows Nmap Port 0 problem"
http://seclists.org/nmap-dev/2007/q2/0006.html
"Bug(s) in Nmap 4.60."
http://seclists.org/nmap-dev/2008/q2/0069.html
"Re: Bug Report"
http://seclists.org/nmap-dev/2008/q3/0976.html

Windows seems to have a problem with connecting to .255 addresses and
port 0, returning error code WSAEADDRNOTAVAIL (10049). A little more
digging shows that this problem was already fixed in scan_engine.cc:

"nmap (win32 4.60) bug and a fix"
http://seclists.org/nmap-dev/2008/q1/0566.html

That's why the assertion failure would happen with -sV and not with -sT.

I fixed the bug just by handling WSAEADDRNOTAVAIL as a known error
condition in nsock just as in scan_engine.cc. Scans like -sV that use
normal TCP connections won't work because Windows won't make the
connections, but they won't cause an assertion failure.

David Fifield
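
The fix described in the message above, sketched as an added example (not part of the original post and not Nmap or nsock source): a connect-error handler that treats WSAEADDRNOTAVAIL as an expected outcome instead of falling through to an assertion. All function and enum names are hypothetical; the code is written against POSIX sockets, with the Winsock value 10049 from the post carried as a literal.

```c
/* Added illustration, not Nmap/nsock source. All names are hypothetical. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define WIN_WSAEADDRNOTAVAIL 10049 /* Winsock code quoted in the post */

enum conn_result { CONN_OPEN, CONN_REFUSED, CONN_TIMEOUT, CONN_UNREACH,
                   CONN_LOCAL_REJECT, CONN_UNKNOWN };

/* Map a connect() error code to a result the caller can report.
 * Only CONN_UNKNOWN is a candidate for an assertion or a bug report. */
enum conn_result classify_connect_error(int err) {
    switch (err) {
    case 0:            return CONN_OPEN;
    case ECONNREFUSED: return CONN_REFUSED;
    case ETIMEDOUT:    return CONN_TIMEOUT;
    case ENETUNREACH:
    case EHOSTUNREACH: return CONN_UNREACH;
    case EADDRNOTAVAIL:           /* POSIX spelling of the same condition */
    case WIN_WSAEADDRNOTAVAIL:    /* per the post: Windows, .255 addresses and port 0 */
        return CONN_LOCAL_REJECT; /* the OS would not make the connection */
    default:           return CONN_UNKNOWN;
    }
}

/* Blocking TCP connect to ip:port; the error path never aborts. */
enum conn_result probe_tcp(const char *ip, unsigned short port) {
    struct sockaddr_in sa;
    int fd, err = 0;

    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return CONN_UNKNOWN;      /* not a dotted-quad IPv4 address */
    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return CONN_UNKNOWN;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) != 0)
        err = errno;              /* on Windows this would be WSAGetLastError() */
    close(fd);
    return classify_connect_error(err);
}
```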
