Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Port scan causing system crashes
From: Clem Skorupka <ragnor () mitre org>
Date: Thu, 12 Jun 2003 17:00:03 -0400

I should have added that this particular test was done in a lab setting ; ) .  In general, your scanning methodology 
should take into account the vagaries of a network's critical infrastructure, and arrangements should be made to have 
appropriate personnel available to fix what might break.  So don't go taking out all the switches at a remote site in 
the off hours.

Now a nice thing would be to have your network/ops group include "ability to survive reasonable vulnerability scans" as 
part of their system requirements, and/or incorporate such probes in acceptance testing for production rollouts.  But 
in this vale of tears we take what we are sent ; )

Clem Skorupka

Renaud Deraison wrote:

On Thu, Jun 12, 2003 at 11:55:26AM -0400, Clem Skorupka wrote:

I had a case where an rpc scan using nessus (I forget the particular module or if it was the nmap precursor scan, 
this was a couple of years ago) against some large range of ports knocked out an allegro-based embedded web server 
on a network switch.  It didn't crash this particular switch (though one had to reboot the switch in order to bring 
back the web interface).

The bottom line is that as soon as you start to interfere with another
host, you can never predict how it will react to actions that it has
never been designed to handle, so no scan is totally risk-free[1], and
it's often very hard to find the balance between a 99.9% accurate
security audit and a non-intrusive one. Note that this does not only
affects Nessus+Nmap, but any network vulnerability scanner.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]