From 6fa497f04eab17978c5e1aa1f33a184471eb3f50 Mon Sep 17 00:00:00 2001 From: david Date: Thu, 6 May 2010 21:36:11 +0000 Subject: [PATCH] o Added EPROTO to the list of known error codes in service scan. Daniel Miller reported that an EPROTO was causing Nmap to exit after sending the Sqlping probe during service scan. The error message was "Unexpected error in NSE_TYPE_READ callback. Error code: 71 (Protocol error)". We suspect this was caused by a forged ICMP packet sent by an active firewall. --- CHANGELOG | 7 +++++++ service_scan.cc | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index ce9eaaedb..4a6aca6a3 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,12 @@ # Nmap Changelog ($Id$); -*-text-*- +o Added EPROTO to the list of known error codes in service scan. Daniel + Miller reported that an EPROTO was causing Nmap to exit after sending + the Sqlping probe during service scan. The error message was + "Unexpected error in NSE_TYPE_READ callback. Error code: 71 (Protocol + error)". We suspect this was caused by a forged ICMP packet sent by an + active firewall. + o [NSE] The dns-recursion script now marks the port when it gets a response. This is a patch from Olivier M. diff --git a/service_scan.cc b/service_scan.cc index bdd7b59ed..876dff1ad 100644 --- a/service_scan.cc +++ b/service_scan.cc @@ -2268,6 +2268,10 @@ static void servicescan_read_handler(nsock_pool nsp, nsock_event nse, void *myda #ifndef WIN32 case EPIPE: #endif + case EPROTO: + // EPROTO is suspected to be caused by an active IDS/IPS that forges ICMP + // type-12 errors ("Parameter problem"). It's been seen in response to the + // Sqlping probe. case EIO: // Usually an SSL error of some sort (those are presently // hardcoded to EIO). I'll just try the next probe.