Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Port scan causing system crashes
From: "Brass, Phil (ISS Atlanta)" <PBrass () iss net>
Date: Thu, 12 Jun 2003 16:58:14 -0400



-----Original Message-----
From: Renaud Deraison [mailto:deraison () nessus org] 
Sent: Thursday, June 12, 2003 3:01 PM
To: pen-test () securityfocus com
Subject: Re: Port scan causing system crashes


On Thu, Jun 12, 2003 at 11:55:26AM -0400, Clem Skorupka wrote:

I had a case where an rpc scan using nessus (I forget the 
particular 
module or if it was the nmap precursor scan, this was a couple of 
years ago) against some large range of ports knocked out an 
allegro-based embedded web server on a network switch.  It didn't 
crash this particular switch (though one had to reboot the 
switch in 
order to bring back the web interface).


The bottom line is that as soon as you start to interfere 
with another host, you can never predict how it will react to 
actions that it has never been designed to handle, so no scan 
is totally risk-free[1], and it's often very hard to find the 
balance between a 99.9% accurate security audit and a 
non-intrusive one. Note that this does not only affects 
Nessus+Nmap, but any network vulnerability scanner.


This brings to mind the Iron Triangle of network security assessment:
Fast, Comprehensive, Low Impact.  More of any one means less of the
other two...

Phil

---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault