Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second

From: Fyodor (fyodor@insecure.org)
Date: 12/24/02

    Date: Tue, 24 Dec 2002 11:18:16 -0800
    From: Fyodor <fyodor@insecure.org>
    To: alfaentomega <alfaentomega@yahoo.com>
    
    

    On Mon, Dec 23, 2002 at 09:33:59PM -0800, alfaentomega wrote:
    >
    > I found out that by default nmap doesn't scan every
    > port (before that I thought every port is scanned
    > without explicit -p), so I ran "nmap -p1- localhost"
    > and every time I saw something between 0 and 3 (usually
    > there were 2) ports which were reported by nmap as
    > open, but during the scan there was "Strange read
    > error from 127.0.0.1 (104): Operation now in progress"
    > for every one of them.

    This may be a problem with your Linux kernel. When Nmap (or many
    other applications, such as Telnet) does a connect() call, the OS is
    supposed to choose a good source port to bind to for the connection.
    When you connect() to an ephemeral port (1024-4999 or so) on localhost,
    there is a chance that the system will decide to use as a source port
    the very port you are connecting to. In a bizarre twist, the
    application then ends up "connecting to itself"! I consider this to
    be a Linux kernel bug, but my reports to the linux-kernel list (and
    offers to fix the problem) have been unheeded. Here is my first
    posting (from 1999):

    http://marc.theaimsgroup.com/?l=linux-kernel&m=93598368005241&w=2

    So the short summary is that it is just a Linux bug which the
    developers argue is a feature that they don't intend to fix.
    I do have a workaround in place for Nmap versions released in the last
    two or three years -- what version of Nmap are you using and what are
    the exact command-line arguments?

    New versions of the Nmap Security Scanner can be found at
    http://www.insecure.org/nmap/

    Cheers,
    Fyodor

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
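The self-connection Fyodor describes can be detected from user space by comparing the local and remote endpoints after connect() succeeds: a real open port has a different local port, a socket that connected to itself has identical ones. The script below is an added example (not Fyodor's or Nmap's code); it classifies a localhost port as open, closed, filtered or self-connect, and reproduces the self-connect deterministically by binding to the target port before connecting, which on Linux turns the probe into a TCP simultaneous open with itself. Function and helper names are this example's own.

```python
import socket


def probe_tcp_port(port, host="127.0.0.1", timeout=1.0, bind_port=None):
    """Connect to host:port and classify the outcome.

    Returns one of "open", "closed", "filtered" or "self-connect".
    bind_port forces the source port; passing bind_port=port reproduces
    the kernel behaviour from the thread on demand (assumes Linux).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if bind_port is not None:
            s.bind((host, bind_port))
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"          # RST received: nothing listening
        except socket.timeout:
            return "filtered"        # no answer at all within the timeout
        # A genuine peer answers from a different local endpoint; a socket
        # that completed a simultaneous open with itself reports the same
        # address:port on both ends. That is the case a scanner must not
        # report as "open".
        if s.getsockname() == s.getpeername():
            return "self-connect"
        return "open"
    finally:
        s.close()


def listening_socket(host="127.0.0.1"):
    """Open a listener on a kernel-chosen port (constructed test fixture)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv


def free_port(host="127.0.0.1"):
    """Ask the kernel for a currently unused TCP port and release it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    p = free_port()
    print(p, probe_tcp_port(p))                 # closed
    print(p, probe_tcp_port(p, bind_port=p))    # self-connect
```

Sending a byte on a self-connected socket and reading it straight back is a second confirmation, since the socket is both ends of the connection.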


