Date: Mon, 21 Feb 2011 19:43:57 GMT
From: Sayetsky Anton <vsjcfm@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/154947: Nmap 5.51 cannot scan targets over MPD's PPTP VPN link
Message-ID: <201102211943.p1LJhvIu093400@red.freebsd.org>
Resent-Message-ID: <201102211950.p1LJo9Tf034703@freefall.freebsd.org>

>Number: 154947
>Category: ports
>Synopsis: Nmap 5.51 cannot scan targets over MPD's PPTP VPN link
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 21 19:50:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Sayetsky Anton
>Release: 8.2-RELEASE
>Organization:
>Environment:
FreeBSD jason.localdomain 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Sun Feb 20 19:50:02 EET 2011 root@jason.localdomain:/tmp/obj/usr/src/sys/JASON amd64
>Description:
Nmap 5.51 on 8.2-RELEASE cannot scan any hosts that are routed by MPD's PPTP link, when running as root. But when running as normal user, all seems to be ok. Also, nmap will scan targets over an ethernet interface.

Here is some info about my system:

root@jason:~# pkg_info | egrep "mpd|libpdel|nmap|lua"
libpdel-0.5.3_4     Packet Design multi-purpose C library for embedded applicat
lua-5.1.4_5         Small, compilable scripting language providing easy access
mpd-5.5             Multi-link PPP daemon based on netgraph(4)
nmap-5.51           Port scanning utility for large networks

root@jason:~# cat /etc/make.conf | grep -v "^#"
CPUTYPE?=core2
CFLAGS= -O2 -fno-strict-aliasing -pipe
COPTFLAGS= -O2 -pipe
DOC_LANG= en_US.ISO8859-1 ru_RU.KOI8-R
PERL_VERSION=5.10.1

root@jason:~# cat /etc/src.conf
WITHOUT_AMD=
WITHOUT_APM=
WITHOUT_ASSERT_DEBUG=
WITHOUT_ATM=
WITHOUT_BIND_MTREE=
WITHOUT_BIND_NAMED=
WITH_BIND_SIGCHASE=
WITHOUT_BLUETOOTH=
WITHOUT_BSNMP=
WITHOUT_CALENDAR=
WITHOUT_CTM=
WITHOUT_CVS=
WITHOUT_FLOPPY=
WITHOUT_FREEBSD_UPDATE=
WITHOUT_GAMES=
WITHOUT_GCOV=
WITHOUT_GDB=
WITHOUT_GPIB=
WITHOUT_HTML=
WITH_IDEA=
WITHOUT_INET6=
WITHOUT_IPFILTER=
WITHOUT_IPX=
WITHOUT_JAIL=
WITHOUT_KERBEROS=
WITHOUT_LPR=
WITHOUT_NDIS=
WITHOUT_NIS=
WITHOUT_PF=
WITHOUT_PORTSNAP=
WITHOUT_PPP=
WITHOUT_PROFILE=
WITHOUT_QUOTAS=
WITHOUT_RCS=
WITHOUT_ROUTED=
WITHOUT_SHAREDOCS=
WITHOUT_WIRELESS=
WITHOUT_ZFS=

root@jason:~# netstat -rn | grep default
default            ng0                US          0     2809    ng0

root@jason:~# ifconfig ng0
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1456
        inet 193.xxx.xx.xx --> 10.0.128.1 netmask 0xffffffff

root@jason:~# route get scanme.nmap.org
   route to: scanme.nmap.org
destination: default
       mask: default
  interface: ng0
      flags: <UP,DONE,STATIC>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1456         1         0

root@jason:~# ping -c 3 scanme.nmap.org
PING scanme.nmap.org (64.13.134.52): 56 data bytes
64 bytes from 64.13.134.52: icmp_seq=0 ttl=54 time=210.955 ms
64 bytes from 64.13.134.52: icmp_seq=1 ttl=54 time=212.526 ms
64 bytes from 64.13.134.52: icmp_seq=2 ttl=54 time=212.890 ms

--- scanme.nmap.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 210.955/212.124/212.890/0.840 ms

root@jason:~# nmap -F scanme.nmap.org

Starting Nmap 5.51 ( http://nmap.org ) at 2011-02-21 21:34 EET
nexthost: failed to determine route to scanme.nmap.org (64.13.134.52)
QUITTING!

root@jason:~# nping scanme.nmap.org

Starting Nping 0.5.51 ( http://nmap.org/nping ) at 2011-02-21 21:34 EET
Failed to determine route to host 64.13.134.52. Skipping it...
Execution aborted. Nping needs at least one valid target to operate.

jason@jason:~$ id
uid=1001(jason) gid=1001(jason) groups=1001(jason),0(wheel)

jason@jason:~$ nping scanme.nmap.org

Starting Nping 0.5.51 ( http://nmap.org/nping ) at 2011-02-21 21:35 EET
SENT (0.0025s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (0.2160s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed
SENT (1.0041s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (1.2185s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed
SENT (2.0065s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (2.2210s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed
SENT (3.0095s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (3.2245s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed
SENT (4.0130s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (4.2242s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed

Max rtt: 214.926ms | Min rtt: 211.175ms | Avg rtt: 213.684ms
TCP connection attempts: 5 | Successful connections: 5 | Failed: 0 (0.00%)
Tx time: 4.01157s | Tx bytes/s: 99.71 | Tx pkts/s: 1.25
Rx time: 4.22274s | Rx bytes/s: 47.36 | Rx pkts/s: 1.18
Nping done: 1 IP address pinged in 4.22 seconds

jason@jason:~$ nmap -F scanme.nmap.org

Starting Nmap 5.51 ( http://nmap.org ) at 2011-02-21 21:35 EET
Nmap scan report for scanme.nmap.org (64.13.134.52)
Host is up (0.22s latency).
Not shown: 95 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
25/tcp  closed smtp
53/tcp  open   domain
80/tcp  open   http
113/tcp closed auth

Nmap done: 1 IP address (1 host up) scanned in 18.24 seconds

root@jason:~# nmap -e ng0 scanme.nmap.org

Starting Nmap 5.51 ( http://nmap.org ) at 2011-02-21 21:37 EET
nexthost: failed to determine route to scanme.nmap.org (64.13.134.52)
QUITTING!
>How-To-Repeat:
Fresh install Nmap 4.51 on the 8.1-RELEASE, install mpd, create PPTP VPN internet connection, then try to scan any target behind this PPTP link.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: