RE: Port scan causing system crashes

From: Steve Goldsby (ICS) (sgoldsby@networkarmor.com)
Date: Thu Jun 12 2003 - 14:38:35 EDT


DGUX 2.x and below definitely die upon port scan, just like old versions
of solaris (syn flood vulnerability).

-----Original Message-----
From: Helmut Springer [mailto:delta@lug-s.org]
Sent: Thursday, June 12, 2003 11:31 AM
To: pen-test@securityfocus.com
Cc: steve.x.jones@royalmail.com
Subject: Re: Port scan causing system crashes

Hi,

On 12 Jun 2003 at 13:23 +0200, steve.x.jones@royalmail.com wrote:
> Please can you help? Has any-one else out there had issues with
> NMAP port scans (or any other port scanner) causing systems to
> crash?

Yes.

> I've done a quick Google search and found confirmation for one of
> the systems - BUGTRAQ Vulnerability 3358, "IBM HACMP Port Scan
> Denial of Service Vulnerability", the other was a bespoke app
> running on some HP UX boxes.

  Document ID: HPSBUX0306-264
  Date Loaded: 20030604
        Title: SSRT3460 Network traffic can cause programs to fail
  [...]
   A. Background
      Certain network traffic can cause programs to fail. An
      example of potentially vulnerable program is diagmond.
  [...]

> Up til now I've been running port scans happily across our subnets
> to look for rogue FTP, SMTP, HTTP etc, obviously I'll have to take
> more care now...

One might say that you just find systems vulnerable to DoS attacks
this way, but in general scanning a pruduction environment always
carries a risk...

-- 
MfG/Best Regards,                  "If we keep our pride...
helmut springer                     Though paradise is lost
                                    We will pay the price,
                                    But we will not count the cost."
------------------------------------------------------------------------
---
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
----------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:34 EDT