Nmap Development mailing list archives
Re: NMAP brings down Exchange Cluster?
From: Verde Denim <tdldev () gmail com>
Date: Fri, 6 May 2011 10:14:06 -0400
I would agree with Mike on the approach, although I would also ask for a look at how the Exchange server is configured. Sounds like it's not on strong footing. I ran a scan at two of my systems with those same switches and didn't see anything crash. Alternatively, you could run the same scan while the admin is watching their logs so you could compare notes on how the throttling of the scan is affecting the server; maybe that would help them discover the performance issue. It may be that you've discovered something about their server setup that they weren't aware of, which is, in and of itself, a remediable vulnerability. - Jack On Fri, May 6, 2011 at 8:57 AM, Michael Pattrick <mpattrick () rhinovirus org>wrote:
Both an interesting and testable assertion! Do these crashes occur mid scan? If so, you could be partially to blame(along with whoever configured such a delicate exchange installation). If not, try to give up scanning for a few weeks, Nmap is off the hook if more infrastructure problems occur. The command line parameter you gave are quite benign, and shouldn't be capable of taking down any server. So I doubt Nmap it to blame. -M On 2011-05-05, at 9:18 AM, "Siegle, Christopher J." < Christopher.Siegle () klgates com> wrote:Hi nmappers. Recently, my infrastructure peers have asserted that my use of nmap toscan our data center has caused various problems including bringing down FOLB clusters (Exchange servers). Although I think this is highly unlikely, I wanted to get some feedback on this issue.I am using the following command line switches: -T3 -sS -F -O -oX sometimes d4 I appreciate your time. ================================== Christopher J. Siegle "Chris" Software Architect K&L Gates, LLP K&L Gates Center 210 Sixth Avenue Pittsburgh, PA 15222-2613 (412) 355-8659 mailto:christopher.siegle () klgates com This electronic message contains information from the law firm of K&LGates LLP. The contents may be privileged and confidential and are intended for the use of the intended addressee(s) only. If you are not an intended addressee, note that any disclosure, copying, distribution, or use of the contents of this message is prohibited. If you have received this e-mail in error, please contact me at Christopher.Siegle () klgates com._______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NMAP brings down Exchange Cluster? Siegle, Christopher J. (May 05)
- Re: NMAP brings down Exchange Cluster? Michael Pattrick (May 06)
- RE: NMAP brings down Exchange Cluster? Siegle, Christopher J. (May 06)
- Re: NMAP brings down Exchange Cluster? Hani Benhabiles (May 06)
- RE: NMAP brings down Exchange Cluster? Siegle, Christopher J. (May 06)
- Re: NMAP brings down Exchange Cluster? Michael Pattrick (May 06)
- RE: NMAP brings down Exchange Cluster? Siegle, Christopher J. (May 06)
- Re: NMAP brings down Exchange Cluster? Michael Pattrick (May 06)
- Re: NMAP brings down Exchange Cluster? Verde Denim (May 06)