Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Port scan causing system crashes
From: Anthony Kim <Anthony.Kim () VWCREDIT COM>
Date: Thu, 12 Jun 2003 14:02:43 -0500

On Thu, Jun 12, 2003, steve.x.jones () royalmail com wrote:



Hello

Please can you help?  Has any-one else out there had issues with NMAP port scans
(or any other port scanner) causing systems to crash?

I use Nessus to baseline the security of our systems and have twice had problems
caused by the NMAP port scan on clustered unix boxes running our enterprise
applications.  NOTE - it was the initial port scan that caused the problems, not
the subsequent vulnerability assessment.
I've done a quick Google search and found confirmation for one of the systems -
BUGTRAQ Vulnerability 3358, "IBM HACMP Port Scan Denial of Service Vulnerability",
the other was a bespoke app running on some HP UX boxes.

Does any-one know of other systems that fall over with a simple port scan?

Up til now I've been running port scans happily across our subnets to look for
rogue FTP, SMTP, HTTP etc, obviously I'll have to take more care now...

ISS NFS scans totally fsck up our HP-UX NFS.  We believe the problem
lies in client biod's and cacheing.  After a scan, NFS writes
fail while NFS reads work fine.  To fix the problem, on each
client we remount using a hardmount, write a large file over NFS,
then remount using a softmount.  This seems to clear it up.
Remounting using NFSv1 as opposed to NFSv3 also fixes the issue,
which makes me believe that asynchronous writes and cacheing are
at the heart of the problem.

We also confirmed that port scanning our Nortel switches lock
them hard, too.


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]