> ACK. Most printers are junk. We have the same problem.
ACK. Same with HP-UX 10.x and CNR on Windows running the service in
debug mode - with experiementation one can narrow it down to a small
set of triggers, sometimes even a single packet. This is a
long-standing issue with poorly-written [usually legacy] apps that
Nmap just exposes, usually resulting in denial-of-service with the
occasional compromisable crash.
To reiterate (since I've had long arguments with UNIX greybeards and
firmware engineers that firmly believe otherwise), this is not a bug
in Nmap, it's an application bug. Some commercial scanners have
options for 'safe' scanning, which purport to turn off the
crash-inducing behavior, but tell that to the Zebra printers and
Symbol handsets I've seen crash just because too many TCP ports were
scanned.
RB
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Dec 27 2007
Intro
