Re: XP SP2 nmap incompatibility

From: Joe Doyle (joe.doyle_at_PROMEGA.COM)
Date: 08/12/04

    Date:         Thu, 12 Aug 2004 16:55:54 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Here's the link explaining the changes made to the TCP/IP Stack.

    http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#XSLTsection127121120120

    Quote from that article:
    "How do I resolve these issues?

    Stop the application that is responsible for the failing connection
    attempts."

    Great. Thanks guys.

    Joe

    -----Original Message-----
    From: John Singler [mailto:singler@MAIL.VET.UPENN.EDU]
    Sent: Thursday, August 12, 2004 3:58 PM
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Subject: Re: XP SP2 nmap incompatibility

    Fyodor addressed this yesterday:

    > This is just a heads-up that most Nmap functionality will not work on
    > the just-released Microsoft Windows SP2. Why? Microsoft apparently
    > broke it on purpose! When an Nmap user asked MS why security tools
    > such as Nmap broke, MS responded[1]:
    >
    > "We have removed support for TCP sends over RAW sockets in SP2.
    > We surveyed applications and found the only apps using this on XP
    > were people writing attack tools."
    >
    > I don't know why they consider Nmap an "attack tool", particularly
    > when they recommend it on some of their own pages[2]. Shrug.
    > Removing SP2 re-enables the functionality and causes Nmap to work
    > again. Many problems unrelated to Nmap have been found with SP2 as
    > well[3], though it does some welcome security improvements for people
    > stuck on that platform.
    >
    > I will work on this if I get time, but am currently busy rewriting the
    > core port scanning engine for the next version of Nmap. It is much
    > faster, offers much better multiple-host parallelization, and provides
    > other long-desired features such as completion time estimates. If
    > someone finds a solution to this SP2 problem, please send a patch. It
    > may not be too hard, as Nmap supports operating systems such as Win95
    > that didn't have raw socket support in the first place.
    >
    > Cheers,
    > Fyodor
    >
    > [1] http://seclists.org/lists/nmap-dev/2004/Apr-Jun/0077.html
    > [2] http://www.microsoft.com/serviceproviders/security/tools.asp
    > [3] http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=23905071
    >
    >
    > --------------------------------------------------
    > For help using this (nmap-hackers) mailing list, send a blank email to
    > nmap-hackers-help@insecure.org . List archive: http://seclists.org

    Ian Hayes wrote:

    > Installed XP SP2 yesterday. While the installation was lengthy but
    > event-free, I did notice that nmap 3.55 stopped working correctly. I was
    > in between scanning subnets here on the network, and installed SP2.
    > After that, when I resumed my sweeps, I noticed that nmap was reporting
    > that any host I tried scanning had all its ports filtered. I tried
    > upgrading the Winpcap driver to the beta one, but that didn't improve
    > things. I double-checked my Windows Firewall settings and verified that
    > it was set to OFF.
    >
    > After removing SP2, I scanned a host with a known configuration and
    > nmap correctly identified the open ports and what OS it was running.

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is
    configured such that just hitting reply is going to result in the
    message coming to the list, not to the individual who sent the message.
    This was done to help reduce the number of Out of Office messages
    posters received. So if you want to send a reply just to the poster,
    you'll have to copy their email address out of the message and place it
    in your TO: field.
    -----


