Nmap Development mailing list archives
RE: Ncrack on exotic Windows-land
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Fri, 10 Jul 2009 16:18:23 +0100
That's rather disappointing, as I can reliably reproduce it on an XP SP3 host. I very (and I mean very) briefly tested it on Windows Server 2003 SP2, Windows Vista SP2 and Windows Server 2008 SP2 with the Windows Firewall enabled and I couldn't reproduce it on those platforms. At least XP is only in extended support now.

If we're getting picky, I'd love to see Microsoft solve the old problem of false open ports with connect scans too:
http://seclists.org/nmap-dev/2006/q3/0135.html

I suppose the workaround is don't have the Windows Firewall on when using Nmap/Ncrack/other pentesting tools :(

Rob

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of ithilgore
Sent: 10 July 2009 04:39
To: ithilgore
Cc: nmap-dev; Brandon Enright; Rob Nicholls
Subject: Re: Ncrack on exotic Windows-land

ithilgore wrote:
> Honestly, this is the first time I come across this bizarre behavior. I know of no other firewall which does anything similar. It goes against the RFC rules, against the rules of logic and potentially against the rules of the universe.
>
> Given that the windows firewall is, as you said, enabled by default and that ncrack is limited by the underlying network stack as it doesn't use raw sockets or other low-level stuff, I don't see any other solution at the moment, other than specifically instructing the users to disable the firewall for the time they are running ncrack (or else they will suffer a serious performance degradation). I really don't like this approach but anything else would require sending ha^H^H mails to Microsoft about changing the firewall's behaviour (and I have a feeling they might go unanswered).

<irony>
Great, it seems the guys over at Redmond "can't reproduce" the bug and thus the issue is resolved:
</irony>

https://connect.microsoft.com/WNDP/feedback/ViewFeedback.aspx?FeedbackID=470990

What can I say?

-- ithilgore

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org