Full Disclosure: Re: Should nmap cause a DoS on cisco routers?

Re: Should nmap cause a DoS on cisco routers?

From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Thu, 1 Jul 2010 23:16:45 +0000


On Jul 1, 2010, at 11:12 PM, Florian Weimer wrote:

And it's certainly a bug worth fixing.


I doubt it's a 'bug' which can be 'fixed', just the same as sending enough legitimate HTTP requests to a Web server to 
bring it to its knees isn't a 'bug' which can be 'fixed', but rather a DoS which must be mitigated via a variety of 
mechanisms.  It would be quite helpful if the original poster would detail the models/types/versions of the network 
devices in question, and possibly provide a sample query packet.

Part of the general issue here is the large disconnect between the traditional security research community and the 
networking community; with a few notable exceptions, there isn't a lot of mutual discussion and understanding, and 
certainly no understanding of network infrastructure device architectures, best current practices (BCPs), and so forth.

One of the most fundamental BCPs is that one must make use of various network infrastructure self-protection mechanisms 
to keep undesirable traffic away from the control and management planes of said network infrastructure.  Here's a .pdf 
presentation which discusses network infrastructure self-protection:

<http://files.me.com/roland.dobbins/prguob>

Firing a bunch of SNMP queries at network infrastructure devices and causing network disruption as a result isn't 
anything new, it's a well-understood phenomenon with a well-understood - in the network operational community, at least 
- remedy via making use of the appropriate self-protection mechanisms built into most modern network infrastructure 
devices.  

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Should nmap cause a DoS on cisco routers? Thierry Zoller (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 01)
  - Re: Should nmap cause a DoS on cisco routers? Thierry Zoller (Jul 01)
    - Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 01)
    - Re: Should nmap cause a DoS on cisco routers? Florian Weimer (Jul 01)
    - Re: Should nmap cause a DoS on cisco routers? AMILABS (Jul 01)
    - Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 01)
    - Re: Should nmap cause a DoS on cisco routers? Dan Kaminsky (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Lee (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Dan Kaminsky (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? AMILABS (Jul 03)
    - Re: Should nmap cause a DoS on cisco routers? Thierry Zoller (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Thierry Zoller (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)

(Thread continues...)