Nmap Development mailing list archives

nmap IPv6 functionality partly broken on NetBSD


From: Fredrik Pettai <pettai () nordu net>
Date: Sat, 23 Mar 2013 19:45:25 +0100

Hi,

I haven't followed recent development, but noted that some changes have broken some nmap functionality when running on 
NetBSD. All the problems I've found seem to be when running nmap as root.

Here is one example:

# nmap -v -A6 scanme.nmap.org

Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-23 19:19 CET
NSE: Loaded 93 scripts for scanning.
NSE: Script Pre-scanning.
Target* nexthost(HostGroupState*, const addrset*, scan_lists*, int): failed to determine route to scanme.nmap.org 
(2600:3c01::f03c:91ff:fe93:cd19)
QUITTING!

(same problem with the newest stable release…)

# nmap -v -A6 scanme.nmap.org

Starting Nmap 6.25 ( http://nmap.org ) at 2013-03-23 19:24 CET
NSE: Loaded 106 scripts for scanning.
NSE: Script Pre-scanning.
Target* nexthost(HostGroupState*, const addrset*, scan_lists*, int): failed to determine route to scanme.nmap.org 
(2600:3c01::f03c:91ff:fe93:cd19)
NSE: Script Post-scanning.
Read data files from: /usr/pkg/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 1.20 seconds
           Raw packets sent: 0 (0B) | Rcvd: 0 (0B)


I noted that nmap -iflist doesn't show any IPv6 routes, which I guess should be in there.

# nmap -iflist

Starting Nmap 6.25 ( http://nmap.org ) at 2013-03-23 19:28 CET
Warning: File ./nmap-services exists, but Nmap is using /usr/pkg/bin/../share/nmap/nmap-services for security and 
consistency reasons.  set NMAPDIR=. to give priority to files in your local directory (may affect the other data files 
too).
************************INTERFACES************************
DEV    (SHORT)  IP/MASK                       TYPE     UP   MTU   MAC
[…]
bge0   (bge0)   fe80:1::20e:7fff:feac:fa6c/64 ethernet up   1500  00:0E:7F:AC:FA:6C
bge0   (bge0)   2001:6b0:8::78/64             ethernet up   1500  00:0E:7F:AC:FA:6C
lo0    (lo0)    127.0.0.1/8                   loopback up   33192
lo0    (lo0)    ::1/128                       loopback up   33192
lo0    (lo0)    fe80:3::1/64                  loopback up   33192
pflog0 (pflog0) (null)/0                      other    up   33192

**************************ROUTES**************************
DST/MASK      DEV  GATEWAY
127.0.0.1/32  lo0  127.0.0.1
127.0.0.0/8   lo0  127.0.0.1
0.0.0.0/0     bge0 193.10.5.1
193.10.5.0/0  bge0

(when running as non-root, I get the same routes (without IPv6 routes...))

----------

Anyway, IPv6 scanning works perfectly as non-root user:

$ nmap -v -A6 scanme.nmap.org

Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-23 19:20 CET
NSE: Loaded 93 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 19:20
Scanning scanme.nmap.org (2600:3c01::f03c:91ff:fe93:cd19) [2 ports]
Completed Ping Scan at 19:20, 0.21s elapsed (1 total hosts)
Initiating System DNS resolution of 1 host. at 19:20
Completed System DNS resolution of 1 host. at 19:20, 1.41s elapsed
Initiating Connect Scan at 19:20
Scanning scanme.nmap.org (2600:3c01::f03c:91ff:fe93:cd19) [1000 ports]
Discovered open port 22/tcp on 2600:3c01::f03c:91ff:fe93:cd19
Discovered open port 80/tcp on 2600:3c01::f03c:91ff:fe93:cd19
Completed Connect Scan at 19:20, 9.19s elapsed (1000 total ports)
Initiating Service scan at 19:20
Scanning 2 services on scanme.nmap.org (2600:3c01::f03c:91ff:fe93:cd19)
Completed Service scan at 19:20, 6.45s elapsed (2 services on 1 host)
NSE: Script scanning 2600:3c01::f03c:91ff:fe93:cd19.
Initiating NSE at 19:20
Completed NSE at 19:20, 4.31s elapsed
Nmap scan report for scanme.nmap.org (2600:3c01::f03c:91ff:fe93:cd19)
Host is up (0.21s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 5.3p1 Debian 3ubuntu7 (protocol 2.0)
| ssh-hostkey: 1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA)
|_2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA)
80/tcp open  http    Apache httpd 2.2.14 ((Ubuntu))
|_http-methods: GET HEAD POST OPTIONS
|_http-title: Go ahead and ScanMe!
|_http-favicon: Unknown favicon MD5: 156515DA3C0F7DC6B2493BD5CE43F795
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

Host script results:
|_address-info: IPv6 EUI-64; MAC address: f2:3c:91:93:cd:19 (Unknown)

NSE: Script Post-scanning.
Initiating NSE at 19:20
Completed NSE at 19:20, 0.00s elapsed
Read data files from: /usr/pkg/bin/../share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 21.87 seconds

Re,
/P

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

