ports/154947: Nmap 5.51 cannot scan targets over MPD's PPTP VPN link
Sayetsky Anton
vsjcfm at gmail.com
Mon Feb 21 19:50:10 UTC 2011
>Number: 154947
>Category: ports
>Synopsis: Nmap 5.51 cannot scan targets over MPD's PPTP VPN link
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 21 19:50:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Sayetsky Anton
>Release: 8.2-RELEASE
>Organization:
>Environment:
FreeBSD jason.localdomain 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Sun Feb 20 19:50:02 EET 2011 root at jason.localdomain:/tmp/obj/usr/src/sys/JASON amd64
>Description:
Nmap 5.51 on 8.2-RELEASE cannot scan any hosts that are routed via MPD's PPTP link when running as root. But when running as a normal user, all seems to be OK. Also, nmap will scan targets over an Ethernet interface.
Here is some info about my system:
root at jason:~# pkg_info | egrep "mpd|libpdel|nmap|lua"
libpdel-0.5.3_4 Packet Design multi-purpose C library for embedded applicat
lua-5.1.4_5 Small, compilable scripting language providing easy access
mpd-5.5 Multi-link PPP daemon based on netgraph(4)
nmap-5.51 Port scanning utility for large networks
root at jason:~# cat /etc/make.conf | grep -v "^#"
CPUTYPE?=core2
CFLAGS= -O2 -fno-strict-aliasing -pipe
COPTFLAGS= -O2 -pipe
DOC_LANG= en_US.ISO8859-1 ru_RU.KOI8-R
PERL_VERSION=5.10.1
root at jason:~# cat /etc/src.conf
WITHOUT_AMD=
WITHOUT_APM=
WITHOUT_ASSERT_DEBUG=
WITHOUT_ATM=
WITHOUT_BIND_MTREE=
WITHOUT_BIND_NAMED=
WITH_BIND_SIGCHASE=
WITHOUT_BLUETOOTH=
WITHOUT_BSNMP=
WITHOUT_CALENDAR=
WITHOUT_CTM=
WITHOUT_CVS=
WITHOUT_FLOPPY=
WITHOUT_FREEBSD_UPDATE=
WITHOUT_GAMES=
WITHOUT_GCOV=
WITHOUT_GDB=
WITHOUT_GPIB=
WITHOUT_HTML=
WITH_IDEA=
WITHOUT_INET6=
WITHOUT_IPFILTER=
WITHOUT_IPX=
WITHOUT_JAIL=
WITHOUT_KERBEROS=
WITHOUT_LPR=
WITHOUT_NDIS=
WITHOUT_NIS=
WITHOUT_PF=
WITHOUT_PORTSNAP=
WITHOUT_PPP=
WITHOUT_PROFILE=
WITHOUT_QUOTAS=
WITHOUT_RCS=
WITHOUT_ROUTED=
WITHOUT_SHAREDOCS=
WITHOUT_WIRELESS=
WITHOUT_ZFS=
root at jason:~# netstat -rn | grep default
default ng0 US 0 2809 ng0
root at jason:~# ifconfig ng0
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1456
inet 193.xxx.xx.xx --> 10.0.128.1 netmask 0xffffffff
root at jason:~# route get scanme.nmap.org
route to: scanme.nmap.org
destination: default
mask: default
interface: ng0
flags: <UP,DONE,STATIC>
recvpipe sendpipe ssthresh rtt,msec mtu weight expire
0 0 0 0 1456 1 0
root at jason:~# ping -c 3 scanme.nmap.org
PING scanme.nmap.org (64.13.134.52): 56 data bytes
64 bytes from 64.13.134.52: icmp_seq=0 ttl=54 time=210.955 ms
64 bytes from 64.13.134.52: icmp_seq=1 ttl=54 time=212.526 ms
64 bytes from 64.13.134.52: icmp_seq=2 ttl=54 time=212.890 ms
--- scanme.nmap.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 210.955/212.124/212.890/0.840 ms
root at jason:~# nmap -F scanme.nmap.org
Starting Nmap 5.51 ( http://nmap.org ) at 2011-02-21 21:34 EET
nexthost: failed to determine route to scanme.nmap.org (64.13.134.52)
QUITTING!
root at jason:~# nping scanme.nmap.org
Starting Nping 0.5.51 ( http://nmap.org/nping ) at 2011-02-21 21:34 EET
Failed to determine route to host 64.13.134.52. Skipping it...
Execution aborted. Nping needs at least one valid target to operate.
jason at jason:~$ id
uid=1001(jason) gid=1001(jason) groups=1001(jason),0(wheel)
jason at jason:~$ nping scanme.nmap.org
Starting Nping 0.5.51 ( http://nmap.org/nping ) at 2011-02-21 21:35 EET
SENT (0.0025s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (0.2160s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed
SENT (1.0041s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (1.2185s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed
SENT (2.0065s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (2.2210s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed
SENT (3.0095s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (3.2245s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed
SENT (4.0130s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (4.2242s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed
Max rtt: 214.926ms | Min rtt: 211.175ms | Avg rtt: 213.684ms
TCP connection attempts: 5 | Successful connections: 5 | Failed: 0 (0.00%)
Tx time: 4.01157s | Tx bytes/s: 99.71 | Tx pkts/s: 1.25
Rx time: 4.22274s | Rx bytes/s: 47.36 | Rx pkts/s: 1.18
Nping done: 1 IP address pinged in 4.22 seconds
jason at jason:~$ nmap -F scanme.nmap.org
Starting Nmap 5.51 ( http://nmap.org ) at 2011-02-21 21:35 EET
Nmap scan report for scanme.nmap.org (64.13.134.52)
Host is up (0.22s latency).
Not shown: 95 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp closed smtp
53/tcp open domain
80/tcp open http
113/tcp closed auth
Nmap done: 1 IP address (1 host up) scanned in 18.24 seconds
root at jason:~# nmap -e ng0 scanme.nmap.org
Starting Nmap 5.51 ( http://nmap.org ) at 2011-02-21 21:37 EET
nexthost: failed to determine route to scanme.nmap.org (64.13.134.52)
QUITTING!
>How-To-Repeat:
Do a fresh install of Nmap 4.51 on 8.1-RELEASE, install mpd, create a PPTP VPN Internet connection, then try to scan any target behind this PPTP link.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: