Penetration Testing mailing list archives

Re: [PEN-TEST] New DoS ? (was: Re: "Type-of-webserver"-scanner?)


From: Brian Russo <brusso () PHYS HAWAII EDU>
Date: Tue, 12 Dec 2000 09:39:54 -1000

On Tue, Dec 12, 2000 at 12:23:51PM +0200, Guy Cohen wrote:
> Jay D. Dyson <jdyson () treachery net> wrote:
> >     As an aside, *don't* use an NMAP Beta version when doing this sort
> > of thing.  I did that with my first web-scan and Lordy Sweet Jesus, it was
> > like DoS in a Can.  I had Solaris boxen falling over and dying all over
> > the place.  Now I use only the last stable release of that utility.  :)

incidentally, i found this paragraph quite amusing, great way to start my day
:)

> This sounds very bad. Can someone verify that?

this isn't limited to just solaris, although there are probably more old
solaris boxes out there than other OS'..

~15 nanoseconds on google..

solaris 2.6
http://lists.insecure.org/nmap-hackers/1999/Jan-Mar/0254.html
sun + fw1 (more of an fw1 issue, but still..)
http://www.securityfocus.com/bid/576.html
generic advisory (incl solaris)
http://www.hackersclub.com/km/library/hack99/nmap-DoS-2.txt
similar generic advisory, listing some affected os'
http://archives.indenial.com/hypermail/bugtraq/1998/December1998/0178.html

i'm sure you can find similar advisories..
nmap, or any similar scanner, especially with -O, i think can be a bit
rigorous on an OS/daemon, in the case of older unpatched solaris.. well..

anyone know if more recent incarnations of sun's stuff are vulnerable?

--
Brian Russo <brusso () phys hawaii edu> GPG ID: 54D81666
404E 87E8 DD0C 275B 742B  09AD 2243 839C 54D8 1666
http://www.phys.hawaii.edu/~brusso/gpg_brian.asc
magnus frater spectat te - encrypt whenever possible

