Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Should nmap cause a DoS on cisco routers?
From: "Dario Ciccarone (dciccaro)" <dciccaro () cisco com>
Date: Thu, 1 Jul 2010 13:28:49 -0500

Hash: SHA1


        (x-posting to full-disclosure as it looks like those guys over
are having a bit of a philosophical discussion over this ;))

        Hi there. My name is Dario Ciccarone and I work as an Incident
Manager on the Cisco PSIRT - Product Security Incident Response Team.

        Your post has certainly caught our attention - indeed, if
running an
nmap scan (no matter which specific command-line options were in use)
against a Cisco device makes it crash, we're certainly interested in
knowing more.

        In order to follow-up on this, we would greatly appreciate if
could send us:

        * a "show tech" from one or more of the affected devices -
if those are different kind of devices (switches, routers, firewalls,

        * if you've been able to collect any crashinfo files - those
also come handy

        * if you have any console output/syslog messages/traceback
information coming from any of the affected devices

        * the specific nmap version you're using

        If you could send all of that to psirt () cisco com (if possible,
encrypted with the PSIRT GPG public key -
licy.html#roosfassv) we would look right into it.

        Much appreciated,

Dario Ciccarone <dciccaro () cisco com>
Incident Manager - CCIE #10395 
Product Security Incident Response Team (PSIRT)
Cisco Systems, Inc.
PGP Key ID: 0xBA1AE0F0

This email may contain confidential and privileged material for the
sole use of the intended recipient. Any review, use, distribution or
disclosure by others is strictly prohibited. If you are not the
intended recipient (or authorized to receive for the recipient),
please contact the sender by reply email and delete all copies of
this message.

For corporate legal information go to:

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Shang Tsung
Sent: Wednesday, June 30, 2010 7:04 AM
To: pen-test () securityfocus com
Subject: Should nmap cause a DoS on cisco routers?


Some days ago, I had the task to discover the SNMP version that our
 servers and networking devices use. So I run nmap using the
following  command:

nmap -sU -sV -p 161-162 -iL target_file.txt

This command was supposed to use UDP to probe ports 161 and 
162, which 
are used for SNMP and SNMP Trap respectively, and return the SNMP 

This "innocent" command caused most networking devices to crash and
 reboot, causing a Denial of Service attack and bringing down the 

Now my question is.. Should this had happened? Can nmap bring 
the whole 
network down from one single machine?

Is this a configuration error of the networking devices?

This is scary...

Shang Tsung


This list is sponsored by: Information Assurance 
Certification Review Board

Prove to peers and potential employers without a doubt that 
you can actually do a proper penetration test. IACRB CPT and 
CEPT certs require a full practical examination in order to 
become certified. 


Version: PGP 8.1


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]