Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: NMAP brings down Exchange Cluster?
From: Verde Denim <tdldev () gmail com>
Date: Fri, 6 May 2011 10:14:06 -0400

I would agree with Mike on the approach, although I would also ask for a
look at how the Exchange server is configured. Sounds like it's not on
strong footing. I ran a scan at two of my systems with those same switches
and didn't see anything crash. Alternatively, you could run the same scan
while the admin is watching their logs so you could compare notes on how the
throttling of the scan is affecting the server; maybe that would help them
discover the performance issue. It may be that you've discovered something
about their server setup that they weren't aware of, which is, in and of
itself, a remediable vulnerability.

- Jack

On Fri, May 6, 2011 at 8:57 AM, Michael Pattrick
<mpattrick () rhinovirus org>wrote:

Both an interesting and testable assertion! Do these crashes occur mid
scan? If so, you could be partially to blame(along with whoever configured
such a delicate exchange installation). If not, try to give up scanning for
a few weeks, Nmap is off the hook if more infrastructure problems occur.

The command line parameter you gave are quite benign, and shouldn't be
capable of taking down any server. So I doubt Nmap it to blame.

-M

On 2011-05-05, at 9:18 AM, "Siegle, Christopher J." <
Christopher.Siegle () klgates com> wrote:

Hi nmappers.

Recently, my infrastructure peers have asserted that my use of nmap to
scan our data center has caused various problems including bringing down
FOLB clusters (Exchange servers).  Although I think this is highly unlikely,
I wanted to get some feedback on this issue.

I am using the following command line switches:

-T3
-sS
-F
-O
-oX

sometimes d4

I appreciate your time.

==================================
Christopher J. Siegle "Chris"
Software Architect
K&L Gates, LLP
K&L Gates Center
210 Sixth Avenue
Pittsburgh, PA 15222-2613 (412) 355-8659
mailto:christopher.siegle () klgates com

This electronic message contains information from the law firm of K&L
Gates LLP.  The contents may be privileged and confidential and are intended
for the use of the intended addressee(s) only.  If you are not an intended
addressee, note that any disclosure, copying, distribution, or use of the
contents of this message is prohibited.  If you have received this e-mail in
error, please contact me at Christopher.Siegle () klgates com 


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault