nmap broken again in 9.1 ?
Hi,

I'm trying to run nmap as root to use some features I need, but it doesn't scan anything; as user it scans normally.

I'm on SUSE 9.1 with kernel 2.6.5-7.104-default and have all the patches from YaST/Online Update until today. Maybe the last kernel upgrade broke something, I don't know.

Thanks for your help guys

--
*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
David Uvalle Zepeda
Chief Security Officer.
Radikal Systems S.A de C.V.
http://www.radikalsystems.com
I made a link in /lib/modules/ to fix both nmap, tcpdump and ethereal

cd /lib/modules
ln -s 2.6.5-7.104-smp 2.6.5-7.95-smp

Replace '-smp' with whatever kernel you have. (standard, smp, .....)

Best regards
Søren Kent Jensen

----- Original Message -----
From: "David Uvalle" <david@radikalsystems.com>
To: <suse-security@suse.com>
Sent: Sunday, August 15, 2004 10:45 AM
Subject: [suse-security] nmap broken again in 9.1 ?
Hi
I'm trying to run nmap as root to use some features I need, but it doesn't scan anything; as user it scans normally.
I'm on SUSE 9.1 with kernel 2.6.5-7.104-default and have all the patches from YaST/Online Update until today. Maybe the last kernel upgrade broke something, I don't know.
Thanks for your help guys
-- */*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
David Uvalle Zepeda Chief Security Officer. Radikal Systems S.A de C.V.
Hello,

On Sunday, 15 August 2004 09:42, Søren Kent Jensen wrote:
> I made a link in /lib/modules/ to fix both nmap, tcpdump and ethereal
>
> cd /lib/modules
> ln -s 2.6.5-7.104-smp 2.6.5-7.95-smp

Did you reboot after the last kernel update?

Regards

Christian Boltz
--
> All cats purr at 28hz.
I think your cats need tuning - according to a couple of quick measurements on a recently calibrated reference cat, the dominant frequency of a correctly adjusted cat should be 12Hz +/-20%. [Lionel Lauer]
On Sunday 15 August 2004 9:22 am, Christian Boltz wrote:
> Hello,
>
> On Sunday, 15 August 2004 09:42, Søren Kent Jensen wrote:
>> I made a link in /lib/modules/ to fix both nmap, tcpdump and ethereal
>>
>> cd /lib/modules
>> ln -s 2.6.5-7.104-smp 2.6.5-7.95-smp

Thanks Søren, but that doesn't work for me

> Did you reboot after the last kernel update?

Yes I did.
--
*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
David Uvalle Zepeda
Chief Security Officer.
Radikal Systems S.A de C.V.
http://www.radikalsystems.com
On Sun, Aug 15, 2004 at 01:45:37AM -0700, David Uvalle wrote:
> I'm trying to run nmap as root to use some features I need, but it doesn't scan anything; as user it scans normally.
>
> I'm on SUSE 9.1 with kernel 2.6.5-7.104-default and have all the patches from YaST/Online Update until today. Maybe the last kernel upgrade broke something, I don't know.

It works here just fine:

sudo nmap -v -O localhost
Password:

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-15 11:57 PDT
Host localhost (127.0.0.1) appears to be up ... good.
Initiating SYN Stealth Scan against localhost (127.0.0.1) at 11:57
Adding open port 22/tcp
Adding open port 25/tcp
Adding open port 80/tcp
Adding open port 631/tcp
Adding open port 111/tcp
The SYN Stealth Scan took 0 seconds to scan 1659 ports.
For OSScan assuming that port 22 is open and port 1 is closed and neither are firewalled
Interesting ports on localhost (127.0.0.1):
(The 1654 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
111/tcp open  rpcbind
631/tcp open  ipp
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux 2.5.25 - 2.5.70 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
Uptime 3.583 days (since Wed Aug 11 21:58:45 2004)
TCP Sequence Prediction: Class=random positive increments
                         Difficulty=3378748 (Good luck!)
IPID Sequence Generation: All zeros

Nmap run completed -- 1 IP address (1 host up) scanned in 5.717 seconds

kernel 2.6.5-7.104-default, nmap-3.50-71

Regards,
-Kastus
On Sunday 15 August 2004 12:01 pm, Kastus wrote:
> On Sun, Aug 15, 2004 at 01:45:37AM -0700, David Uvalle wrote:
>> I'm trying to run nmap as root to use some features I need, but it doesn't scan anything; as user it scans normally.
>>
>> I'm on SUSE 9.1 with kernel 2.6.5-7.104-default and have all the patches from YaST/Online Update until today. Maybe the last kernel upgrade broke something, I don't know.
>
> It works here just fine:
>
> sudo nmap -v -O localhost
> Password:

If you scan localhost it runs well, but try an external host

$ sudo nmap -v -O www.cofradia.org

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-15 14:10 PDT
Host 69.93.121.179 appears to be down, skipping it.
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 12.118 seconds

now trying to scan localhost:

$ sudo nmap -v localhost

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-15 14:13 PDT
Host localhost (127.0.0.1) appears to be up ... good.
Initiating SYN Stealth Scan against localhost (127.0.0.1) at 14:13
Adding open port 22/tcp
Adding open port 80/tcp
The SYN Stealth Scan took 0 seconds to scan 1659 ports.
Interesting ports on localhost (127.0.0.1):
(The 1657 ports scanned but not shown below are in state: closed)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap run completed -- 1 IP address (1 host up) scanned in 1.027 seconds
--
*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
David Uvalle Zepeda
Chief Security Officer.
Radikal Systems S.A de C.V.
http://www.radikalsystems.com
On Sunday 15 August 2004 23:13, David Uvalle wrote:
> $ sudo nmap -v -O www.cofradia.org
>
> Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-15 14:10 PDT
> Host 69.93.121.179 appears to be down, skipping it.
> Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
> Nmap run completed -- 1 IP address (0 hosts up) scanned in 12.118 seconds

Do try the -P0 option - a lot of hosts drop ICMP packets, and nmap considers those down by default since they don't reply to a ping.

- Max -
Yea, how dare someone doubt SUSE like that! ;) Hehe, I know, I'm a bit of an elitist with SUSE :)

I haven't had any problems at all, and I scan my network all the time. The boxes in my room:

SUSE Linux 9.1 Professional
Second box: Slackware Linux 10
Third box: Slackware Linux 9.1

I use SUSE and Slackware daily and I have no problems at all.

Maxim A Belushkin wrote:
> On Sunday 15 August 2004 23:13, David Uvalle wrote:
>> $ sudo nmap -v -O www.cofradia.org
>>
>> Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-15 14:10 PDT
>> Host 69.93.121.179 appears to be down, skipping it.
>> Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
>> Nmap run completed -- 1 IP address (0 hosts up) scanned in 12.118 seconds
>
> Do try the -P0 option - a lot of hosts drop ICMP packets, and nmap considers those down by default since they don't reply to a ping.
>
> - Max -
Have you installed all the kernel security fixes until today?

On Sunday 15 August 2004 2:39 pm, Allen/Gore/SlackWareWolf wrote:
> Yea, how dare someone doubt SUSE like that! ;) Hehe, I know, I'm a bit of an elitist with SUSE :)
>
> I haven't had any problems at all, and I scan my network all the time. The boxes in my room:
>
> SUSE Linux 9.1 Professional
> Second box: Slackware Linux 10
> Third box: Slackware Linux 9.1
>
> I use SUSE and Slackware daily and I have no problems at all.
--
*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
David Uvalle Zepeda
Chief Security Officer.
Radikal Systems S.A de C.V.
http://www.radikalsystems.com
I just need to know if some of us have all kernel security fixes installed and can run nmap as root. If somebody can, then something is broken. Thanks

On Sunday 15 August 2004 4:47 pm, David Uvalle wrote:
> Have you installed all the kernel security fixes until today?
--
*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
David Uvalle Zepeda
Chief Security Officer.
Radikal Systems S.A de C.V.
http://www.radikalsystems.com
On Monday 16 August 2004 01:51, David Uvalle wrote:
> I just need to know if some of us have all kernel security fixes installed and can run nmap as root. If somebody can, then something is broken. Thanks

I am running 9.1 and have installed all updates available at YOU. With this setting I have no problems running nmap ('nmap ip-address') as root.

Raphael
Got all fixes installed here (SuSE 9.1 Professional):

sh-2.05b$ sudo nmap x.y.z.k

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-16 10:32 CEST
Interesting ports on <hostname> (x.y.z.k):
(The 1637 ports scanned but not shown below are in state: closed)
PORT   STATE SERVICE
9/tcp  open  discard
13/tcp open  daytime
21/tcp open  ftp
22/tcp open  ssh
23/tcp open  telnet
... etc

Works fine here...

On Monday 16 August 2004 01:51, David Uvalle wrote:
> I just need to know if some of us have all kernel security fixes installed and can run nmap as root. If somebody can, then something is broken. Thanks
On Sunday 15 August 2004 12:57 pm, Maxim A Belushkin wrote:
> On Sunday 15 August 2004 23:13, David Uvalle wrote:
>> $ sudo nmap -v -O www.cofradia.org
>>
>> Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-15 14:10 PDT
>> Host 69.93.121.179 appears to be down, skipping it.
>> Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
>> Nmap run completed -- 1 IP address (0 hosts up) scanned in 12.118 seconds
>
> Do try the -P0 option - a lot of hosts drop ICMP packets, and nmap considers those down by default since they don't reply to a ping.
>
> - Max -

That host isn't blocking ICMP packets, as you can see below

$ ping www.cofradia.org
PING www.cofradia.org (69.93.121.179) 56(84) bytes of data.
64 bytes from 179.69-93-121.reverse.theplanet.com (69.93.121.179): icmp_seq=1 ttl=51 time=88.5 ms

$ nmap www.cofradia.org

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-15 16:37 PDT
Interesting ports on 179.69-93-121.reverse.theplanet.com (69.93.121.179):
(The 1646 ports scanned but not shown below are in state: closed)
PORT    STATE    SERVICE
22/tcp  open     ssh
80/tcp  open     http
135/tcp filtered msrpc
....

and now as root

# nmap -sT www.cofradia.org

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-15 16:37 PDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 12.061 seconds

-sT is the default scan type for unprivileged users, so I would have the same output as the first example.

I guess this is not an nmap issue, maybe it's a kernel issue in the last fix update

BTW: thanks for your replies

--
*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
David Uvalle Zepeda
Chief Security Officer.
Radikal Systems S.A de C.V.
http://www.radikalsystems.com
On Sun, Aug 15, 2004 at 04:42:15PM -0700, David Uvalle wrote:
> I guess this is not an nmap issue, maybe it's a kernel issue in the last fix update

No issues with kernel:

sudo nmap -sT -P0 www.cofradia.org
Password:

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-15 16:25 PDT
Interesting ports on 179.69-93-121.reverse.theplanet.com (69.93.121.179):
(The 1651 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
1080/tcp filtered socks
1434/tcp filtered ms-sql-m
3128/tcp filtered squid-http
6969/tcp filtered acmsoda

Nmap run completed -- 1 IP address (1 host up) scanned in 10.736 seconds

These are the versions I'm using:

rpm --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' -q kernel-default
kernel-default-2.6.5-7.104
rpm --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' -q nmap
nmap-3.50-71

Regards,
-Kastus
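
The symlink workaround, the reboot question and the root-versus-user comparison in this thread come down to two checks: whether the running kernel release has its own directory under /lib/modules, and whether the unprivileged and root runs disagree about the host being up. The sketch below is an added example, not code from any poster; the function names are hypothetical and the sample output is abbreviated from the runs quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# modules_state RELEASE MODDIR -> ok | symlink | missing
# "symlink" is what the ln -s workaround leaves behind; "missing" is a
# running kernel release with no module directory of its own.
modules_state() {
    dir="$2/$1"
    if [ -L "$dir" ]; then echo symlink
    elif [ -d "$dir" ]; then echo ok
    else echo missing
    fi
}

# scan_state: nmap 3.50-style output on stdin -> up | down | unknown
scan_state() {
    out=$(cat)
    case $out in
        *"(0 hosts up)"*|*"Host seems down"*) echo down ;;
        *"Interesting ports on"*|*"host up)"*|*"hosts up)"*) echo up ;;
        *) echo unknown ;;
    esac
}

# triage USER_STATE ROOT_STATE -> one-line reading of the two runs
triage() {
    case "$1/$2" in
        up/up)     echo "consistent" ;;
        up/down)   echo "root-only discovery failure" ;;
        down/down) echo "target unreachable or filtered" ;;
        *)         echo "inconclusive" ;;
    esac
}

# Constructed samples, abbreviated from the user and root runs quoted above.
USER_RUN='Interesting ports on 179.69-93-121.reverse.theplanet.com (69.93.121.179):
22/tcp open ssh'
ROOT_RUN='Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 12.061 seconds'

# report: check this machine's module directory and classify the two samples.
report() {
    u=$(printf '%s\n' "$USER_RUN" | scan_state)
    r=$(printf '%s\n' "$ROOT_RUN" | scan_state)
    echo "modules: $(modules_state "$(uname -r)" /lib/modules); scans: $(triage "$u" "$r")"
}

report
```

A "root-only discovery failure" with a module state of "ok" matches what David reports; rerunning the root scan with -P0, as suggested in the thread, separates a host-discovery problem from a scanning problem.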
participants (7)
- Allen/Gore/SlackWareWolf
- Christian Boltz
- David Uvalle
- Kastus
- Maxim A Belushkin
- Raphael Schneider
- Søren Kent Jensen