Date:      Mon, 21 Feb 2011 19:43:57 GMT
From:      Sayetsky Anton <vsjcfm@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/154947: Nmap 5.51 cannot scan targets over MPD's PPTP VPN link
Message-ID:  <201102211943.p1LJhvIu093400@red.freebsd.org>
Resent-Message-ID: <201102211950.p1LJo9Tf034703@freefall.freebsd.org>

>Number:         154947
>Category:       ports
>Synopsis:       Nmap 5.51 cannot scan targets over MPD's PPTP VPN link
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 21 19:50:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Sayetsky Anton
>Release:        8.2-RELEASE
>Organization:
>Environment:
FreeBSD jason.localdomain 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Sun Feb 20 19:50:02 EET 2011     root@jason.localdomain:/tmp/obj/usr/src/sys/JASON  amd64
>Description:
Nmap 5.51 on 8.2-RELEASE cannot scan any hosts that are routed by MPD's PPTP link when running as root. But when running as a normal user, all seems to be OK. Also, nmap will scan targets over an Ethernet interface.
Here is some info about my system:

root@jason:~# pkg_info | egrep "mpd|libpdel|nmap|lua"
libpdel-0.5.3_4     Packet Design multi-purpose C library for embedded applicat
lua-5.1.4_5         Small, compilable scripting language providing easy access
mpd-5.5             Multi-link PPP daemon based on netgraph(4)
nmap-5.51           Port scanning utility for large networks

root@jason:~# cat /etc/make.conf | grep -v "^#"
CPUTYPE?=core2
CFLAGS= -O2 -fno-strict-aliasing -pipe
COPTFLAGS= -O2 -pipe
DOC_LANG=       en_US.ISO8859-1 ru_RU.KOI8-R
PERL_VERSION=5.10.1

root@jason:~# cat /etc/src.conf
WITHOUT_AMD=
WITHOUT_APM=
WITHOUT_ASSERT_DEBUG=
WITHOUT_ATM=
WITHOUT_BIND_MTREE=
WITHOUT_BIND_NAMED=
WITH_BIND_SIGCHASE=
WITHOUT_BLUETOOTH=
WITHOUT_BSNMP=
WITHOUT_CALENDAR=
WITHOUT_CTM=
WITHOUT_CVS=
WITHOUT_FLOPPY=
WITHOUT_FREEBSD_UPDATE=
WITHOUT_GAMES=
WITHOUT_GCOV=
WITHOUT_GDB=
WITHOUT_GPIB=
WITHOUT_HTML=
WITH_IDEA=
WITHOUT_INET6=
WITHOUT_IPFILTER=
WITHOUT_IPX=
WITHOUT_JAIL=
WITHOUT_KERBEROS=
WITHOUT_LPR=
WITHOUT_NDIS=
WITHOUT_NIS=
WITHOUT_PF=
WITHOUT_PORTSNAP=
WITHOUT_PPP=
WITHOUT_PROFILE=
WITHOUT_QUOTAS=
WITHOUT_RCS=
WITHOUT_ROUTED=
WITHOUT_SHAREDOCS=
WITHOUT_WIRELESS=
WITHOUT_ZFS=

root@jason:~# netstat -rn | grep default
default            ng0                US          0     2809    ng0

root@jason:~# ifconfig ng0
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1456
        inet 193.xxx.xx.xx --> 10.0.128.1 netmask 0xffffffff

root@jason:~# route get scanme.nmap.org
   route to: scanme.nmap.org
destination: default
       mask: default
  interface: ng0
      flags: <UP,DONE,STATIC>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1456         1         0

root@jason:~# ping -c 3 scanme.nmap.org
PING scanme.nmap.org (64.13.134.52): 56 data bytes
64 bytes from 64.13.134.52: icmp_seq=0 ttl=54 time=210.955 ms
64 bytes from 64.13.134.52: icmp_seq=1 ttl=54 time=212.526 ms
64 bytes from 64.13.134.52: icmp_seq=2 ttl=54 time=212.890 ms

--- scanme.nmap.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 210.955/212.124/212.890/0.840 ms

root@jason:~# nmap -F scanme.nmap.org
Starting Nmap 5.51 ( http://nmap.org ) at 2011-02-21 21:34 EET
nexthost: failed to determine route to scanme.nmap.org (64.13.134.52)
QUITTING!

root@jason:~# nping scanme.nmap.org
Starting Nping 0.5.51 ( http://nmap.org/nping ) at 2011-02-21 21:34 EET
Failed to determine route to host 64.13.134.52. Skipping it...
Execution aborted. Nping needs at least one valid target to operate.

jason@jason:~$ id
uid=1001(jason) gid=1001(jason) groups=1001(jason),0(wheel)

jason@jason:~$ nping scanme.nmap.org
Starting Nping 0.5.51 ( http://nmap.org/nping ) at 2011-02-21 21:35 EET
SENT (0.0025s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (0.2160s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed
SENT (1.0041s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (1.2185s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed
SENT (2.0065s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (2.2210s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed
SENT (3.0095s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (3.2245s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed
SENT (4.0130s) Starting TCP Handshake > scanme.nmap.org:80 (64.13.134.52:80)
RECV (4.2242s) Handshake with scanme.nmap.org:80 (64.13.134.52:80) completed

Max rtt: 214.926ms | Min rtt: 211.175ms | Avg rtt: 213.684ms
TCP connection attempts: 5 | Successful connections: 5 | Failed: 0 (0.00%)
Tx time: 4.01157s | Tx bytes/s: 99.71 | Tx pkts/s: 1.25
Rx time: 4.22274s | Rx bytes/s: 47.36 | Rx pkts/s: 1.18
Nping done: 1 IP address pinged in 4.22 seconds

jason@jason:~$ nmap -F scanme.nmap.org
Starting Nmap 5.51 ( http://nmap.org ) at 2011-02-21 21:35 EET
Nmap scan report for scanme.nmap.org (64.13.134.52)
Host is up (0.22s latency).
Not shown: 95 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
25/tcp  closed smtp
53/tcp  open   domain
80/tcp  open   http
113/tcp closed auth
Nmap done: 1 IP address (1 host up) scanned in 18.24 seconds

root@jason:~# nmap -e ng0 scanme.nmap.org
Starting Nmap 5.51 ( http://nmap.org ) at 2011-02-21 21:37 EET
nexthost: failed to determine route to scanme.nmap.org (64.13.134.52)
QUITTING!
>How-To-Repeat:
Freshly install Nmap 4.51 on 8.1-RELEASE, install mpd, create a PPTP VPN internet connection, then try to scan any target behind this PPTP link.
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:


