Re: Hard loop while Conficker scanning

[Ron <ron () skullsecurity net>]

shorejsi2 () mmm com wrote:
>  I have been having problems with Nmap going into a hard loop when 
> scanning certain IP ranges for Conficker infections. After some 
> investigation, I believe I have found the cause (and a resolution.) 
>
> There is code in the smb.lua script that looks like the following:
>
> ...
>         -- Some broken implementations of SMB don't send these variables
>         if(smb['time'] == nil) then
>                 time = 0
>         end
>         if(smb['timezone'] == nil) then
>                 timezone = 0
>         end
>         if(smb['key_length'] == nil) then
>                 key_length = 0
>         end
> ...
>
>  This was apparently added to handle non-conformant SMB implementations. I 
> changed this code to look like this:
>
> ...
>         -- Some broken implementations of SMB don't send these variables
>         if(smb['time'] == nil) then
>                 smb['time'] = 0
>         end
>         if(smb['timezone'] == nil) then
>                 smb['timezone'] = 0
>         end
>         if(smb['key_length'] == nil) then
>                 smb['key_length'] = 0
>         end
> ...
>
>  I think this is what the author originally intended. I can now scan 
> networks with 'troublesome' SMB implementation without Nmap going into a 
> loop. 
>
>  Was this the right fix? 
>
>  Whom do I tell about this?
>
>
>                         -=[ Steve ]=-

Hey Steve,

You found the right person (twice!). I committed your fix this morning, 
good catch on it.

For my own curiosity, which operating systems were doing that. Me and 
Brandon found a whole lot of printers and things of that nature that 
implemented SMB badly, but I'm surprised to find something that didn't 
turn up on Brandon's network.

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org