Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re[2]: Technical Observations on SATAN: Issue: VMS and TCP/I
From: rnayfield () mail iconnet com (Nayfield, Rod)
Date: Fri, 07 Apr 95 12:47:04 EST


     When using the "heavy" scanning mode on a network protected by 
     Checkpoint's (or sunsoft's OEM of it) FireWall-1 on a low-end system 
     (IPX w/32mb ram) the FW runs out of memory.  This does not yield any 
     security problems, however logging may stop/miss a few.  Then the log 
     should be cleared to reduce the memory used by the fw process.
     
     This is not a security problem, just a measure of the incredible force 
     SATAN uses when on 'heavy' mode.  
     
     Rod
     


______________________________ Reply Separator _________________________________
Subject: Re: Technical Observations on SATAN: Issue: VMS and TCP/IP
Author:  tfs () vampire science gmu edu at Internet
Date:    4/7/95 3:07 AM


Erik Lindquist wrote:
|For some reason when I test SATAN against VMS systems running either UCX or 
|Wollongong TCP/IP stacks the systems crash.
     
|This seems to be true for the heavy test only.  Other potentially 
|coincidental events include:
| 1.  First test on a given node; when system reboots and a test 
|     is again performed a successful test seems to be made.
| 2.  The first test uses the FQDN and the second test uses the 
|     IP address.
     
|I have no idea where to look? The crash logs do not reveal anything helpful. 
|A message coming from SATAN says:
| bin/udp_scan: are we talking to a dead host or network?
     
I do some admin stuff at GMU, and while one of the other admin's here 
was running it against our subnet we encountered a crash. We've got
a Paragon, and on the heavy scan it crashed during the test. We havn't 
isolated why yet, but suspect that it was becasue it was being hammered 
quite fast. This was after the "light & med" tests hasd passed. That 
machine is fairly tight, so it wasn't a matter of there being alot
of ports open or anything... Anyway it didn't happen again, and we 
really ~obviously~ arn't looking to replicate it, particlularly on 
this machine, but I'd be interested to hear of any similar stuff 
from other folks.
     
-tfs
     



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]