Re: XP SP2 nmap incompatibility

From: John Singler (singler_at_MAIL.VET.UPENN.EDU)
Date: 08/12/04

  • Next message: Paul Wobbe: "Re: XP SP2 nmap incompatibility"
    Date:         Thu, 12 Aug 2004 16:57:41 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Fyodor addressed this yesterday:

    > This is just a heads-up that most Nmap functionality will not work on
    > the just-released Microsoft Windows SP2. Why? Microsoft apparently
    > broke it on purpose! When an Nmap user asked MS why security tools
    > such as Nmap broke, MS responded[1]:
    >
    > "We have removed support for TCP sends over RAW sockets in SP2.
    > We surveyed applications and found the only apps using this on XP were
    > people writing attack tools."
    >
    > I don't know why they consider Nmap an "attack tool", particularly
    > when they recommend it on some of their own pages[2]. Shrug.
    > Removing SP2 re-enables the functionality and causes Nmap to work
    > again. Many problems unrelated to Nmap have been found with SP2 as
    > well[3], though it does some welcome security improvements for people
    > stuck on that platform.
    >
    > I will work on this if I get time, but am currently busy rewriting the
    > core port scanning engine for the next version of Nmap. It is much
    > faster, offers much better multiple-host parallelization, and provides
    > other long-desired features such as completion time estimates. If
    > someone finds a solution to this SP2 problem, please send a patch. It
    > may not be too hard, as Nmap supports operating systems such as Win95
    > that didn't have raw socket support in the first place.
    >
    > Cheers,
    > Fyodor
    >
    > [1] http://seclists.org/lists/nmap-dev/2004/Apr-Jun/0077.html
    > [2] http://www.microsoft.com/serviceproviders/security/tools.asp
    > [3] http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=23905071
    >
    >
    > --------------------------------------------------
    > For help using this (nmap-hackers) mailing list, send a blank email to
    > nmap-hackers-help@insecure.org . List archive: http://seclists.org

    Ian Hayes wrote:

    > Installed XP SP2 yesterday. While the installation was lengthy but event-free, I did notice that nmap 3.55 stopped working correctly. I was in between scanning subnets here on the network, and installed SP2. After that, when I resumed my sweeps, I noticed that nmap was reporting that any host I tried scanning had all its ports filtered. I tried upgrading the Winpcap driver to the beta one, but that didn't improve things. I doublechecked my Windows Firewall settings and verified that it was set to OFF.
    >
    > After removing SP2, I scanned a host with a known configuration and nmap correctly identified the open ports and what OS it was running.

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
    -----


  • Next message: Paul Wobbe: "Re: XP SP2 nmap incompatibility"

    Relevant Pages

    • Re: XP SP2 nmap incompatibility
      ... > the just-released Microsoft Windows SP2. ... When an Nmap user asked MS why security tools ... in between scanning subnets here on the network, ... nmap correctly identified the open ports and what OS it was running. ...
      (NT-Bugtraq)
    • Re: [Full-Disclosure] Give XP SP2 a chance
      ... security practitioners yet another reason to have a live *nix CD ... Windows XP SP2 incompatible with Nmap ... When an Nmap user asked MS why security tools ...
      (Full-Disclosure)
    • [Fwd: Windows XP SP2 incompatible with Nmap]
      ... Windows XP SP2 incompatible with Nmap ... people writing attack tools." ...
      (Pen-Test)
    • Re: XP SP2 nmap incompatibility
      ... I have found that I you set Namp to "do not ping" the IP and "do not ... Subject: XP SP2 nmap incompatibility ... While the installation was lengthy but ... I did notice that nmap 3.55 stopped working correctly. ...
      (NT-Bugtraq)
    • Re: Security tools
      ... >>What are someof the best security tools and what are they use for? ... nmap - port scanner to see what you have open ... fport - see what ports are open and what application is using that port. ... www.insecure.org Home of the nmap. ...
      (alt.computer.security)