Re: XP SP2 nmap incompatibility
From: John Singler (singler_at_MAIL.VET.UPENN.EDU)
Date: Thu, 12 Aug 2004 16:57:41 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Fyodor addressed this yesterday:
> This is just a heads-up that most Nmap functionality will not work on
> the just-released Microsoft Windows SP2. Why? Microsoft apparently
> broke it on purpose! When an Nmap user asked MS why security tools
> such as Nmap broke, MS responded:
> "We have removed support for TCP sends over RAW sockets in SP2.
> We surveyed applications and found the only apps using this on XP were
> people writing attack tools."
> I don't know why they consider Nmap an "attack tool", particularly
> when they recommend it on some of their own pages. Shrug.
> Removing SP2 re-enables the functionality and causes Nmap to work
> again. Many problems unrelated to Nmap have been found with SP2 as
> well, though it does some welcome security improvements for people
> stuck on that platform.
> I will work on this if I get time, but am currently busy rewriting the
> core port scanning engine for the next version of Nmap. It is much
> faster, offers much better multiple-host parallelization, and provides
> other long-desired features such as completion time estimates. If
> someone finds a solution to this SP2 problem, please send a patch. It
> may not be too hard, as Nmap supports operating systems such as Win95
> that didn't have raw socket support in the first place.
>  http://seclists.org/lists/nmap-dev/2004/Apr-Jun/0077.html
>  http://www.microsoft.com/serviceproviders/security/tools.asp
>  http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=23905071
Ian Hayes wrote:
> Installed XP SP2 yesterday. While the installation was lengthy but event-free, I did notice that nmap 3.55 stopped working correctly. I was in between scanning subnets here on the network, and installed SP2. After that, when I resumed my sweeps, I noticed that nmap was reporting that any host I tried scanning had all its ports filtered. I tried upgrading the WinPcap driver to the beta one, but that didn't improve things. I double-checked my Windows Firewall settings and verified that it was set to OFF.
> After removing SP2, I scanned a host with a known configuration and nmap correctly identified the open ports and what OS it was running.