Nmap Development mailing list archives
[NSE] rpc.lua fix for binding to reserved ports (tcp)
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 20 Sep 2012 09:39:41 -0500
List,

This issue has come up previously (), but we missed a situation that I've run into: When a host stops responding to probes (possibly due to an adaptive firewall detecting the portscan phase), rpc-grind and possibly other scripts will take a long time timing out with every source port between 600 and 1024, since that portion of rpc.lua doesn't check the type of failure (timeout vs. port in use, specifically). Here's a patch to add that check:
--- a/nselib/rpc.lua +++ b/nselib/rpc.lua @@ -171,9 +171,14 @@ Comm = { status, err = socket:bind(nil, resvport) if status then status, err = socket:connect(host, port) - if status then break end + if status or err == "TIMEOUT" then break end end end + if not status and err ~= "TIMEOUT" then+ stdnse.print_debug("%s reserved port bind failed, trying ephemeral port", self.program)
+ socket = nmap.new_socket() + status, err = socket:connect(host, port) + end else status, err = socket:connect(host, port) end

The only thing I'm not sure about is whether to explicitly check for TIMEOUT the first time, or simply check for err ~= "ERROR", which is what ought to happen with EADDRINUSE. Thoughts?
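Review bot: the ephemeral-port fallback in the new `if not status and err ~= "TIMEOUT" then` block overwrites `socket` with `nmap.new_socket()` without closing the previous socket, which may still hold a bound reserved port from the last loop iteration; add a `socket:close()` before the reassignment so the descriptor is released. The debug message "reserved port bind failed" is also reached when `socket:bind(nil, resvport)` succeeded but the following `socket:connect(host, port)` failed with a non-timeout error, so consider including `err` in the message (for example `"%s reserved port attempt failed (%s), trying ephemeral port"`) to keep the log accurate about which call failed.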
Dan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/