Nmap Development mailing list archives
Re: Hard loop while Conficker scanning
From: Ron <ron () skullsecurity net>
Date: Thu, 02 Apr 2009 09:16:34 -0500
shorejsi2 () mmm com wrote:
> I have been having problems with Nmap going into a hard loop when scanning certain IP ranges for Conficker infections. After some investigation, I believe I have found the cause (and a resolution.)
>
> There is code in the smb.lua script that looks like the following:
>
>     ...
>     -- Some broken implementations of SMB don't send these variables
>     if(smb['time'] == nil) then
>         time = 0
>     end
>     if(smb['timezone'] == nil) then
>         timezone = 0
>     end
>     if(smb['key_length'] == nil) then
>         key_length = 0
>     end
>     ...
>
> This was apparently added to handle non-conformant SMB implementations. I changed this code to look like this:
>
>     ...
>     -- Some broken implementations of SMB don't send these variables
>     if(smb['time'] == nil) then
>         smb['time'] = 0
>     end
>     if(smb['timezone'] == nil) then
>         smb['timezone'] = 0
>     end
>     if(smb['key_length'] == nil) then
>         smb['key_length'] = 0
>     end
>     ...
>
> I think this is what the author originally intended. I can now scan networks with 'troublesome' SMB implementations without Nmap going into a loop. Was this the right fix?
>
> Whom do I tell about this?
>
> -=[ Steve ]=-
Hey Steve,

You found the right person (twice!). I committed your fix this morning, good catch on it.
For my own curiosity, which operating systems were doing that? Me and Brandon found a whole lot of printers and things of that nature that implemented SMB badly, but I'm surprised to find something that didn't turn up on Brandon's network.
Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
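The difference between the two quoted snippets, as an added example that is not part of the original messages or of smb.lua: the original form writes its defaults to global variables, so the table fields stay nil, and a guard on the global table turns that silent mistake into an error. The table name `smb` and the three field names come from the quoted code; the function names, the `dialect` field and the sample table are hypothetical.

```lua
-- Added example, not code from smb.lua. `smb` and the three field names come
-- from the quoted snippet; everything else here is hypothetical.

-- Fixed form: write the defaults into the parsed-response table itself.
local function apply_defaults_fixed(smb)
  for _, field in ipairs({ "time", "timezone", "key_length" }) do
    if smb[field] == nil then
      smb[field] = 0
    end
  end
  return smb
end

-- Original form: the nil test reads the table, but the assignment creates
-- a global variable, so the table field is still nil afterwards.
local function apply_defaults_original(smb)
  if smb['time'] == nil then time = 0 end
  if smb['timezone'] == nil then timezone = 0 end
  if smb['key_length'] == nil then key_length = 0 end
  return smb
end

-- Guard: make any write to an undeclared global raise an error.
local function forbid_new_globals()
  setmetatable(_G, {
    __newindex = function(_, name)
      error("assignment to undeclared global '" .. tostring(name) .. "'", 2)
    end,
  })
end

-- Constructed sample: a parsed response that omits all three fields.
local fixed = apply_defaults_fixed({ dialect = 0 })
assert(fixed.time == 0 and fixed.timezone == 0 and fixed.key_length == 0)

local broken = apply_defaults_original({ dialect = 0 })
assert(broken.time == nil)  -- the table field was never set
assert(time == 0)           -- the default landed in a global instead
time, timezone, key_length = nil, nil, nil  -- remove the stray globals

-- With the guard installed, the original form fails at its first assignment.
forbid_new_globals()
local ok, err = pcall(apply_defaults_original, { dialect = 0 })
assert(not ok)
print(err)
```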