Nmap Development mailing list archives
Re: Hang on SNMP script?
From: Abuse 007 <abuse007 () gmail com>
Date: Wed, 19 Sep 2012 20:15:23 +1000
I have seen many NSE scripts exhibit behaviour like this, where they do not terminate after a significant amount of time. A global timeout limit, retry limit, or some mechanism to be able to terminate/fail an individual script or similar would be nice. Cancelling nmap can mean that results are lost because the block was not completed and saved to one of the logs (nmap, gnmap, xml). What I have done sometimes as a work around is insert a FW rule to drop the traffic, which breaks the infinite loop, without losing information that may have taken a long time to collect (useful when there is not enough time to start the scan again). A a side note, from what I can tell NSE is not threaded, (not sure about the rest of nmap), and some scripts can be CPU bound rather than network-bound. Making NSE multi-threaded or multi-processing would allow it to scale better on multi-processor/core systems. On Wed, Sep 19, 2012 at 8:18 AM, David Fifield <david () bamsoftware com> wrote:
On Thu, Sep 13, 2012 at 04:38:52PM -0500, Christopher Clements wrote:More info on the specific script running: NSE Timing: About 99.99% done; ETC: 16:38 (0:00:04 remaining) NSE: Running: 'snmp-win32-software' (thread: 0x69e6d20) stack traceback: [C]: in function 'send' /usr/local/bin/../share/nmap/nselib/snmp.lua:479: in function 'snmpWalk' .../local/bin/../share/nmap/scripts/snmp-win32-software.nse:96: in function <.../local/bin/../share/nmap/scripts/snmp-win32-software.nse:84> (...tail calls...) ---------- Forwarded message ---------- From: Christopher Clements <christopher.a.clements () gmail com> Date: Thu, Sep 13, 2012 at 4:36 PM Subject: Hang on SNMP script? To: nmap-dev () insecure org I've been running an internal scan for the past 24 hours with the following options: nmap -A -vvv -sSUCV --reason --open <targets> however, it seems to be hung at this point for the past 12: NSE Timing: About 99.99% done; ETC: 16:31 (0:00:03 remaining) Stats: 22:15:16 elapsed; 52 hosts completed (128 up), 128 undergoing Script Scan NSE: Active NSE Script Threads: 1 (0 waiting) If I increase to debug level 3, I have seen these messages happening for the past 12 hours: 00000000: 30 2b 02 01 00 04 06 70 75 62 6c 69 63 a2 1e 02 0+ public 00000010: 02 6f 0c 02 01 05 02 01 01 30 12 30 10 06 0c 2b o 0 0 + 00000020: 06 01 02 01 19 06 03 01 05 81 68 05 00 h 00000000: 30 2b 02 01 00 04 06 70 75 62 6c 69 63 a1 1e 02 0+ public 00000010: 02 6f 0c 02 01 00 02 01 00 30 12 30 10 06 0c 2b o 0 0 + 00000020: 06 01 02 01 19 06 03 01 05 81 68 05 00 h 00000000: 30 2b 02 01 00 04 06 70 75 62 6c 69 63 a2 1e 02 0+ public 00000010: 02 6f 0c 02 01 05 02 01 01 30 12 30 10 06 0c 2b o 0 0 + 00000020: 06 01 02 01 19 06 03 01 05 81 68 05 00 h 00000000: 30 2b 02 01 00 04 06 70 75 62 6c 69 63 a1 1e 02 0+ public 00000010: 02 6f 0c 02 01 00 02 01 00 30 12 30 10 06 0c 2b o 0 0 + 00000020: 06 01 02 01 19 06 03 01 05 81 68 05 00 h 00000000: 30 2b 02 01 00 04 06 70 75 62 6c 69 63 a2 1e 02 0+ public 00000010: 02 6f 0c 02 01 05 02 01 01 30 12 30 10 06 0c 2b o 0 0 + 00000020: 06 01 02 01 19 06 03 01 05 81 68 05 00 hI see alternation between a1 and a2 in this column ↑↑ According to snmp.lua, these are "Get Next" and "Get Response". It seems that the OID is not changing each time, though. Please try this patch and we can see what OIDs are being tried. An OID comparison is controlling the exit from the loop in snmpWalk. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Hang on SNMP script? Christopher Clements (Sep 13)
- Hang on SNMP script? Christopher Clements (Sep 13)
- Re: Hang on SNMP script? David Fifield (Sep 18)
- Re: Hang on SNMP script? Abuse 007 (Sep 19)
- Re: Hang on SNMP script? David Fifield (Sep 24)
- Message not available
- Re: Hang on SNMP script? Christopher Clements (Sep 25)
- Re: Hang on SNMP script? David Fifield (Sep 18)
- Hang on SNMP script? Christopher Clements (Sep 13)