Re: killing suns with nmap
From: "Alek O. Komarnitsky (N-CSC)" <alek () ast lmco com>
Date: Fri, 07 Apr 2000 16:35:53 -0600 (MDT)
From: Ed Arnold <era () ucar edu>
Subject: killing suns with nmap
To: FOCUS-SUN () securityfocus com
I'm interested in knowing if anyone here has come up with a combination
of nmap args which will kill a solaris-7 machine with current patches.
I've run nmap with various args against a couple solaris-7 machines with
current (14 Mar 2000) recommended patchset installed; have not been able
to make them croak.
FYI: There was a discussion about this recently on the nmap
discussion list - I started it! ;-)
Using nmap-web (more details below), I was able to crash a few inetd/machines,
but I think this was because I was aggressive with some of the timeouts - since
I've scaled this back a bit, I have not seen this problem ... plus most of
the machines I saw it with earlier were semi-vintage machines.
BTW, it's not "really" nmap's "fault" if there is a fragile TCP/IP stack
out there ... although I can see where people might say otherwise! ;-)
I wrote earlier to security-focus:
FYI FWIW: nmap is an awesome tool ... I recently wrote a
quick-dirty web interface to this that basically condenses
the output of nmap scans on various ports on lots of machines.
It was originally written to "search/crawl" for web servers
by testing port 80, but it expanded a bit from there.
I.e. it was mostly written for the "white hats" as a means
of seeing what is open ... I'm sure there is pretty snazzy
tools out there written and in-use by the "black hats" ;-)
A screenshot, documentation, and tarball can be found at:
http://www.komar.org/komar/alek/ -> Misc. Tech Stuff -> nmap-scan
Just a Perl/CGI script with some HTML ... VERY easy to tweak, configure,
and install into your environment.
I remember reading that Fyodor changed the nmap format slightly;
so I just tested Beta18 and fixed nmap-web to handle this ... plus
I added a few more tidbits in there with version 1.2 ... ;-)
P.S. FYI Ed: One of your colleagues at NCAR wrote to the nmap list
about killing machines with nmap ... I'll let him disclose who he is;
but he said he had to buy a lot of beer for the fellow Sysadmins! ;-)