mailing list archives
Re: Technical Observations on SATAN: Issue: VMS and TCP/I
From: rnayfield () mail iconnet com (Nayfield, Rod)
Date: Fri, 07 Apr 95 12:47:04 EST
When using the "heavy" scanning mode on a network protected by
Checkpoint's (or sunsoft's OEM of it) FireWall-1 on a low-end system
(IPX w/32mb ram) the FW runs out of memory. This does not yield any
security problems, however logging may stop/miss a few. Then the log
should be cleared to reduce the memory used by the fw process.
This is not a security problem, just a measure of the incredible force
SATAN uses when on 'heavy' mode.
______________________________ Reply Separator _________________________________
Subject: Re: Technical Observations on SATAN: Issue: VMS and TCP/IP
Author: tfs () vampire science gmu edu at Internet
Date: 4/7/95 3:07 AM
Erik Lindquist wrote:
|For some reason when I test SATAN against VMS systems running either UCX or
|Wollongong TCP/IP stacks the systems crash.
|This seems to be true for the heavy test only. Other potentially
|coincidental events include:
| 1. First test on a given node; when system reboots and a test
| is again performed a successful test seems to be made.
| 2. The first test uses the FQDN and the second test uses the
| IP address.
|I have no idea where to look? The crash logs do not reveal anything helpful.
|A message coming from SATAN says:
| bin/udp_scan: are we talking to a dead host or network?
I do some admin stuff at GMU, and while one of the other admin's here
was running it against our subnet we encountered a crash. We've got
a Paragon, and on the heavy scan it crashed during the test. We havn't
isolated why yet, but suspect that it was becasue it was being hammered
quite fast. This was after the "light & med" tests hasd passed. That
machine is fairly tight, so it wasn't a matter of there being alot
of ports open or anything... Anyway it didn't happen again, and we
really ~obviously~ arn't looking to replicate it, particlularly on
this machine, but I'd be interested to hear of any similar stuff
from other folks.
Shadowed PW file under Linux lenex (Apr 07)