Nmap Hackers: Re: killing suns with nmap

Re: killing suns with nmap

From: Alek O. Komarnitsky (N-CSC) <alek_at_ast.lmco.com>
Date: Fri, 07 Apr 2000 16:35:53 -0600 (MDT)

> From: Ed Arnold <era_at_ucar.edu>
> Subject: killing suns with nmap
> To: FOCUS-SUN_at_securityfocus.com
>
> I'm interested in knowing if anyone here has come up with a combination
> of nmap args which will kill a solaris-7 machine with current patches.
> I've run nmap with various args against a couple solaris-7 machines with
> current (14 Mar 2000) recommended patchset installed; have not been able
> to make them croak.

FYI: There was a discussion about this recently on the nmap
discussion list - I started it! ;-)

Using nmap-web (more details below), I was able to crash a few inetd/machines,
but I think this was because I was aggressive with some of the timeouts - since
I've scaled this back a bit, I have not seen this problem ... plus most of
the machines I saw it with earlier were semi-vintage machines.

BTW, it's not "really" nmap's "fault" if there is a fragile TCP/IP stack
out there ... although I can see where people might say otherwise! ;-)

I wrote earlier to security-focus:
   FYI FWIW: nmap is an awesome tool ... I recently wrote a
   quick-dirty web interface to this that basically condenses
   the output of nmap scans on various ports on lots of machines.

   It was originally written to "search/crawl" for web servers
   by testing port 80, but it expanded a bit from there.
   I.e. it was mostly written for the "white hats" as a means
   of seeing what is open ... I'm sure there are pretty snazzy
   tools out there written and in-use by the "black hats" ;-)

   A screenshot, documentation, and tarball can be found at:
      http://www.komar.org/komar/alek/ -> Misc. Tech Stuff -> nmap-scan
   Just a Perl/CGI script with some HTML ... VERY easy to tweak, configure,
   and install into your environment.

I remember reading that Fyodor changed the nmap format slightly;
so I just tested Beta18 and fixed nmap-web to handle this ... plus
I added a few more tidbits in there with version 1.2 ... ;-)

alek

P.S. FYI Ed: One of your colleagues at NCAR wrote to the nmap list
about killing machines with nmap ... I'll let him disclose who he is;
but he said he had to buy a lot of beer for the fellow Sysadmins! ;-)
Received on Apr 07 2000
