Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Should nmap cause a DoS on cisco routers?
From: AMILABS <amilabs () optonline net>
Date: Thu, 01 Jul 2010 18:21:27 -0400

Sounds like a typical FSM type bug that can be exploited. 

I worked on one back in 03.

http://amilabs.com/Cisco%20Vulnerability%20in%20Check.htm



-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Florian
Weimer
Sent: Thursday, July 01, 2010 12:13 PM
To: Dobbins, Roland
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?

* Roland Dobbins:

On Jul 1, 2010, at 5:23 PM, Thierry Zoller wrote:

If a device crashes when being scanned - it's a vulnerability.

It sounds to me as if what happened was that he ended up driving the
CPUs of the devices in question to 100%, and they stopped handling
control-plane traffic and fell over.  There are infrastructure
self-protection best current practices (BCPs) which can be deployed
to defend against infrastructure-targeted DoS.

Not necessarily.  Fingerprinting is known to crash tons of devices.
And it's certainly a bug worth fixing.  Many shops write their own
scripts to gather statistics from networking devices, and it's really
annoying when those scripts bring down devices (be it due to brittle
protocol parsers, or memory leaks in the server code).

-- 
Florian Weimer                <fweimer () bfk de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstra├če 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]