November 21, 2007

Women and Security (Nmap case)

While browsing the Nmap changelog, I came across this paragraph, which looked very cool to me:

Reworded an error message after a woman reported that it was "highly offensive and sexist". She also noted that "times have changed and many women now use your software" and "a sexist remark like the one above should have no place in software." The message was: "TCP/IP fingerprinting (for OS scan) requires root privileges. Sorry, dude.". I checked svn blame to call out the insensitive, chauvinistic jerk who wrote that message, but it was me :).

Things change, and women too! :-)

Btw, today Nmap is trying to be confusing. I tried to do a normal ping scan against some internal firewalled hosts, and Nmap was responding to me like an idiot! Normal ICMP through the 'ping' command works fine, but Nmap failed to find any live host.
Trying different ping scan methods and switches didn't help, so I became more suspicious. Running my favorite sniffer told me that Nmap is not sending any ICMP packets at all!
Here's what Nmap is sending as a ping probe:





Noticed the highlighted protocol type (in red)? The legitimate flag should be 01 (ICMP). What's going on? Am I missing something?
I suspect the platform used (win2003 SP2). I'll check it from another host and update the post if anything new appears.

2 comments:

  1. Are you using nmap such as: "nmap -sP -PI targets"? The "-PI" specifies an ICMP ping as opposed to the nmap standard "TCP ping".

  2. Dear Anonymous,
    thanks for your comment.
    I investigated the case, and as I guessed, it was related to Microsoft limiting access to raw sockets. Since the Nmap bypass (a technique to foil this protection) is designed to bypass XP SP2 related DLLs, it fails to work on 2003sp2.
    I also tried eEye BIOT on win2003sp2, but it seems the related driver (tcpip.sys) was completely rewritten after the initial release in win2003.
