When scanning port 19 on legacy network devices, the socket cannot be disconnected, causing nascan.py to be OOM-killed #213

Open
newIDforLOL opened this issue Jun 17, 2019 · 2 comments

Comments

@newIDforLOL

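TCP port 19 is still open on some legacy devices. After connecting, it keeps streaming a-z A-Z strings (in /etc/service you can see that port 19 is chargen, whose function is roughly to generate strings...), which prevents sock.close in scan.py from disconnecting properly, which in turn causes nascan.py to keep allocating memory until it is OOM-killed.

Symptoms, for reference:
https://blog.csdn.net/weixin_43246151/article/details/89674697

I tried adding sock.settimeout() and sock.shutdown(2) in scan.py myself, but neither had any effect... For now I can only block port 19...
Anyone who is in a position to do so can test this.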

@dagaoya

dagaoya commented Aug 17, 2020

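Memory suddenly blew up today, and I guess it is the same problem, except it wasn't port 19. It also froze outright, so I couldn't see which server or which port it was. Tough one.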

@newIDforLOL
Author

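> Memory suddenly blew up today, and I guess it is the same problem, except it wasn't port 19. It also froze outright, so I couldn't see which server or which port it was. Tough one.

How to troubleshoot: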

lsof -nPp $(ps aux | grep nascan | grep -v grep | awk '{print $2}') | grep ESTABLISHED

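Run it several times. If you see an IP that stays in ESTABLISHED and never changes, it is probably the same problem as mine: the socket cannot be disconnected... The cause may not be at the Python layer, but the specific fix is unknown.

For more detail, consider debugging the threads and memory usage.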
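
An added example, not code from this thread or from the project: a banner read against an endless-stream service such as chargen, bounded by both a byte cap and an overall deadline, followed by an abortive close. The names `bounded_banner` and `start_fake_chargen` are hypothetical, the local server is a constructed stand-in for a chargen device, and whether this resolves the behaviour reported above is untested.

```python
import socket
import struct
import threading
import time

def bounded_banner(host, port, max_bytes=4096, deadline=3.0):
    """Read at most max_bytes within deadline seconds, then abort the connection."""
    end = time.monotonic() + deadline
    chunks, total = [], 0
    sock = socket.create_connection((host, port), timeout=deadline)
    try:
        while total < max_bytes:
            remaining = end - time.monotonic()
            if remaining <= 0:
                break  # overall deadline hit, even though data is still arriving
            sock.settimeout(remaining)
            try:
                data = sock.recv(min(1024, max_bytes - total))
            except socket.timeout:
                break
            if not data:
                break  # peer closed
            chunks.append(data)
            total += len(data)
    finally:
        # SO_LINGER on with 0 s: close() discards unread data and resets the connection
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        sock.close()
    return b"".join(chunks)

def start_fake_chargen():
    """Constructed local stand-in for chargen: streams letters until the peer goes away."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        try:
            while True:
                conn.sendall(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\r\n")
        except OSError:
            pass  # client reset the connection
        finally:
            conn.close()
            srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(len(bounded_banner("127.0.0.1", start_fake_chargen())))
```

A per-recv timeout alone never fires against a peer that keeps sending, which is why the loop tracks a total byte count and a wall-clock deadline as well.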
