Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Port scan causing system crashes
From: "OBrien, Brennan" <BOBrien () columbia com>
Date: Thu, 12 Jun 2003 08:21:25 -0700

Steve, 

Yes, I've seen Nessus lock up AS400s and Unix boxes.  What I find most
effective (if incredibly tedious) is to turn all of the scans off, then
turn them on group by group (and eventually individually) until you
trigger the problem in order to track down what is causing the problem.
Obviously, I would recommend working with the sysadmin to coordinate any
impacts and lessen problems in production. 

Good luck!
Brennan


-----Original Message-----
From: steve.x.jones () royalmail com [mailto:steve.x.jones () royalmail com] 
Sent: Thursday, June 12, 2003 4:23 AM
To: pen-test () securityfocus com
Subject: Port scan causing system crashes



Hello

Please can you help?  Has any-one else out there had issues with NMAP
port scans
(or any other port scanner) causing systems to crash?

I use Nessus to baseline the security of our systems and have twice had
problems
caused by the NMAP port scan on clustered unix boxes running our
enterprise
applications.  NOTE - it was the initial port scan that caused the
problems, not
the subsequent vulnerability assessment.
I've done a quick Google search and found confirmation for one of the
systems -
BUGTRAQ Vulnerability 3358, "IBM HACMP Port Scan Denial of Service
Vulnerability",
the other was a bespoke app running on some HP UX boxes.

Does any-one know of other systems that fall over with a simple port
scan?

Up til now I've been running port scans happily across our subnets to
look for
rogue FTP, SMTP, HTTP etc, obviously I'll have to take more care now...

Thanks in advance for any help.

Steve



This  email  and  any  attachments  are confidential and intended for
the addressee
only.   If  you are not the named recipient, you must not use, disclose,
reproduce,
copy  or  distribute the contents of this communication.  If you have
received this
in error, please contact the sender and then delete this email from your
system.



------------------------------------------------------------------------
---
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault