Bug in Nmap for Windows

[thehorse13]

I rarely use Nmap for windows but I was forced to while educating a friend. In the process, I found a bug (or so I believe) so if anyone would like to test this before I submit it to Insecure.org, I'd appreciate it.

SOFTWARE
====================================
WinXP Pro SP1
Nmap for Windows v1.3.1
Winpcap v3.0

SETTINGS
====================================
SYN Stealth scan against any IP you like (other than your own)
Select Port Range and use 1-65535
Select Bounce Scan and enter the IP of the host you are currently using.
Hit "Scan" NOTE: This will cause the box to reboot.

EFFECT
====================================
While I don't think that the scan type or port range have anything to do with it, when you hit "scan" you get a blue screen along with a bunch of error messages that post for about a half second and the box immediately reboots. It also seems that bootup takes awhile longer than normal after you execute the scan.

Oh yeah, I do realize you are not supposed to put your IP in the Bounce field but then again, most of the bugs I find have nothing to do with how software is "supposed" to work/be used in the first place.

Anyway, any other confirmation would be appreciated.

--TH13

[phishphreek]

SOFTWARE
====================================
WinXP Pro SP1 + all available updates
Nmap for Windows v1.3.1
Winpcap v3.0

SETTINGS
====================================
SYN Stealth scan against any IP you like (other than your own)
Select Port Range and use 1-65535
Select Bounce Scan and enter the IP of the host you are currently using.

EFFECT
====================================
Scan completed, no reboot.

Can not duplicate...

Hope that helps ya! Lets see what some others get.

[cheyenne1212]

I had the same problem with my XP pro box horse. Same versions and everything, but once I hit scan my whole machine reboots. I'm glad I'm not the only one with this problem.

[thehorse13]

I had the same problem with my XP pro box horse. Same versions and everything, but once I hit scan my whole machine reboots. I'm glad I'm not the only one with this problem.

Did you attempt a regular scan or did you use the steps I provided above?

Thanks!

[phishphreek]

Ok... that was weird....

Now I am able to crash it... the only thing I did differently this time was to scan a box with a lower ip...

example

my first scan... I scanned from machine 192.168.x.151 and put that in the bounce scan as directed. My target was 192.168.x.153. I scanned from a XP Pro box to a RH9 box.

Scan was fine.

I got a bit curious and did it again...

my second scan... I scanned from machine 192.168.x.151 and put that in the bounce scan as directed. My target was 192.168.x.101. I scanned from a Xp Pro box to a Win98 box.

Instant lockup. Started to write to disk, but no reboot. I remember disabling the reboot on crash though... so thats prolly why it didn't reboot.

I have tried it several times... sometimes it crashes... sometimes it doesn't...

http://www.activewin.com/winxp/tips/basic/20.shtml

the link above has instructions to make the machine stay at the BSOD and not reboot so you can read it.

[cheyenne1212]

I used the steps that you provided above.

It crashes everytime on me.

[thehorse13]

OK, looks like I have enough to send on to Insecure. Thanks for trying it out fellas. I dumped the error message out and I added it to my bug report. I'll let ya know what they say.

--TH13