nmap does not run as root

Discussion in 'Linux Networking' started by Timo Nentwig, Jan 8, 2004.

  1. Timo Nentwig

    Timo Nentwig Guest

    Hi!

    I've some very strange problem. nmap does work when invoked as an ordinary
    user but it does _not_ when invoked as _root_:

    root # nmap localhost

    Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-12-23 09:45 CET
    Note: Host seems down. If it is really up, but blocking our ping probes, try
    -P0
    Nmap run completed -- 1 IP address (0 hosts up) scanned in 36.463 seconds
    # su someuser
    # nmap localhost

    Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-12-23 09:46 CET
    Interesting ports on localhost (127.0.0.1):
    (The 1634 ports scanned but not shown below are in state: closed)
    Port State Service
    22/tcp open ssh

    Nmap run completed -- 1 IP address (1 host up) scanned in 0.401 seconds


    It stops working for ordinary users as well if I set SUID to nmap.

    Any idea?
    Timo
     
    Timo Nentwig, Jan 8, 2004
    #1
    1. Advertisements

  2. Timo Nentwig

    Cameron Kerr Guest

    I suggest you post the following. This may shed light on what's
    happening.

    strace -o /tmp/trace nmap localhost
    tail -30 /tmp/trace
    What distribution are you running. The latest is 3.48 at least, although
    nmap does increment quite quickly.

    Perhaps an upgrade would help. Check the bug tracking for your
    distribution.
     
    Cameron Kerr, Jan 8, 2004
    #2
    1. Advertisements

  3. Timo Nentwig

    Timo Nentwig Guest

    Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-01-09 09:14 CET
    Note: Host seems down. If it is really up, but blocking our ping probes, try
    -P0
    Nmap run completed -- 1 IP address (0 hosts up) scanned in 36.800 seconds

    # tail -30 /tmp/trace
    select(6, [5], NULL, NULL, {0, 20000}) = 0 (Timeout)
    gettimeofday({1073636125, 709687}, NULL) = 0
    select(6, [5], NULL, NULL, {0, 20000}) = 0 (Timeout)
    gettimeofday({1073636125, 729704}, NULL) = 0
    select(6, [5], NULL, NULL, {0, 20000}) = 0 (Timeout)
    gettimeofday({1073636125, 749696}, NULL) = 0
    select(6, [5], NULL, NULL, {0, 20000}) = 0 (Timeout)
    gettimeofday({1073636125, 769698}, NULL) = 0
    select(6, [5], NULL, NULL, {0, 20000}) = 1 (in [5], left {0, 3000})
    recvfrom(5, "\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0|\[email protected]\[email protected]\6\2038\177"...,
    104, MSG_TRUNC, {sa_family=AF_PACKET, proto=0x800, if1,
    pkttype=PACKET_OUTGOING, addr(0)={772, }, [20]) = 138
    gettimeofday({1073636125, 788734}, NULL) = 0
    select(6, [5], NULL, NULL, {0, 20000}) = 1 (in [5], left {0, 20000})
    recvfrom(5, "\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0|\[email protected]\[email protected]\6\2038\177"...,
    104, MSG_TRUNC, {sa_family=AF_PACKET, proto=0x800, if1,
    pkttype=PACKET_HOST, addr(0)={772, }, [20]) = 138
    ioctl(5, 0x8906, 0xbfff5f50) = 0
    gettimeofday({1073636125, 788922}, NULL) = 0
    gettimeofday({1073636125, 788945}, NULL) = 0
    close(-1) = -1 EBADF (Bad file descriptor)
    close(3) = 0
    close(4) = 0
    close(5) = 0
    gettimeofday({1073636125, 789154}, NULL) = 0
    time(NULL) = 1073636125
    write(1, "Note: Host seems down. If it is "..., 81) = 81
    write(1, "Nmap run completed -- 1 IP addre"..., 74) = 74
    brk(0) = 0x80f6000
    brk(0) = 0x80f6000
    brk(0x80ea000) = 0x80ea000
    brk(0) = 0x80ea000
    munmap(0x4001a000, 4096) = 0
    exit_group(0) = ?

    Sure, this will help you? :) The entire trace is ~500KiB large...
    SuSE9. I build 3.48 manually now. A manually build version once worked on
    SuSE 8.2 BTW.
     
    Timo Nentwig, Jan 9, 2004
    #3
  4. Timo Nentwig

    Cameron Kerr Guest

    Hmmm, it seems not to come up with any system call errors that would be
    suspect.
     
    Cameron Kerr, Jan 10, 2004
    #4
  5. Timo Nentwig

    Aaron Drew Guest

    Rootkit perhaps?
     
    Aaron Drew, Jan 18, 2004
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.