Nmap Development mailing list archives
Re: Malicious web server can make nmap consume all RAM memory.
From: el draco <eldraco () gmail com>
Date: Wed, 8 Apr 2015 17:41:31 +0200
Thanks David. It was my mistake I completely miss that conversation. Amazing how similar the test was. sebas On Wed, Apr 8, 2015 at 5:08 PM, David Fifield <david () bamsoftware com> wrote:
On Wed, Apr 08, 2015 at 01:06:16PM +0200, el draco wrote:* Second experiment nmap -sS -A -n -v -d -p 8800 localhost Now nmap is using -A, and the nse scripts get stuck in the honeypot. Maybe the nse engine is vulnerable. The vulnerable http requests were: GET /flumemaster.jsp (flume-master-info) GET /rs-status GET / GET /jobtracker.jsp GET /master.jsp OPTIONS / GET /tasktracker.jsp GET /browseDirectory.jsp GET /status.jsp GET /dfshealth.jsp GET /robots.txt These requests are done by some nse scripts, they were connected for 2:09 minutes and downloaded 105MB each. Which actually killed the machine running nmap because it filled its 4GB ram in 2 minutes. I had to manually stop nmap in order to recover the machine.Thanks for your message. Please see this recent thread on the same topic: http://seclists.org/nmap-dev/2015/q2/6 David Fifield _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
-- https://pgp.mit.edu/pks/lookup?op=get&search=0x9D9A358CA10F1601 _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Malicious web server can make nmap consume all RAM memory. el draco (Apr 08)
- Re: Malicious web server can make nmap consume all RAM memory. David Fifield (Apr 08)
- Re: Malicious web server can make nmap consume all RAM memory. el draco (Apr 08)
- Re: Malicious web server can make nmap consume all RAM memory. Nick Marsh (Apr 09)
- Re: Malicious web server can make nmap consume all RAM memory. el draco (Apr 13)
- Re: Malicious web server can make nmap consume all RAM memory. David Fifield (Apr 08)