Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs?

RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs?

From: Brahnda A. Eleazar <brahnda.e_at_hermisconsulting.com>
Date: Thu, 29 May 2008 09:33:09 +0700

Peace Adriano,

Which HP-UX was it?
Was it and 11.x one?

Thanks and Regards,
=ele=

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com] On Behalf Of Adriano Leite (DHL CZ)
Sent: Tuesday, May 27, 2008 2:40 PM
To: pen-test_at_securityfocus.com
Subject: RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs?

Just to complement, I also have seen it happening in non-patched HPUX
servers more or less a year ago...

That's why we have to think twice on running even a "simple" portscan in
production systems... :)

Adriano Dias Leite

Global -----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com] On
Behalf Of Brahnda A. Eleazar
Sent: Monday, May 26, 2008 4:09 AM
To: pen-test_at_securityfocus.com
Subject: RE: Dangerous in using nmap for AS/400 730 machine configured with
3 ASPs?

Peace all,

Many thanks for your comments...

For those of you bet on the IP stack problem, you win :)
We redid the scan last weekend to make sure of this.

The problem is more of the limitation of the OS/machine being scanned.
>From all the AS/400 machines being scanned, only the 730 machine was
seriously affected by nmap probes.
It automatically assign a user for the TCP/IP connection and started
numerous jobs (which had to be manually ended for them to stop).
The rest of them didn't have this problem -- newer machines and OS-es.

I agree with Jon that networking in this AS/400 is much more like an add-on
after thought :)
And it's pure luck in my opinion that no one before this brought the machine
down (they have a team which also does ports scanning to their production
servers, including this problematic one).
Oh well, at least I learned something new =)

Thanks and Regards,
=adley=

-----Original Message-----
From: Rick Zhong [mailto:sagiko_at_gmail.com]
Sent: Saturday, May 17, 2008 2:50 PM
To: Brahnda A. Eleazar
Cc: pen-test_at_securityfocus.com
Subject: Re: Dangerous in using nmap for AS/400 730 machine configured with
3 ASPs?

I will put my bet on the crash of IP stacks as well. Those systems
just can't handle the nmap probing packats properly. A very common
scenario is the systems open connections and allocate resources, but
fail to close them properly. I encountered these cases not only on
AS400, some old solaris OS also have similar issues.

On Fri, May 16, 2008 at 10:46 AM, Brahnda A. Eleazar
<brahnda.e_at_hermisconsulting.com> wrote:
> Peace all,
>
> I am wondering whether this is related or not.
> I was in the middle of beginning a pentest activity for a network segment
containing quite a number of AS400 (Production).
> I started with a simple nmap first to see what I am facing.
> My command was (IPs are masked) "nmap -sV -vv -p 8470-8476 -o
firsttry_port.nmap xxx.xxx.xxx.0/24"
> This lasted for about 15 minutes.
>
> After about 2 hours later, 2 out of 50+ identifiable machines started
having problems.
> They became very slow.
> Those two machines are using ASP (Auxiliary Storage Pools), 1 ASP on the
1st machine and 2 ASPs on the 2nd.
>
> I just want to get more information whether my nmap did anything "bad"? :)
>
> Thanks and Regards,
> =adley=
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes
> in Securing Web Applications
> Find out now! Get Webinar Recording and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on May 28 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]