Penetration Testing mailing list archives

Re: [PEN-TEST] New DoS ? (was: Re: "Type-of-webserver"-scanner?)


From: "Lindqvist, Johan" <johan.lindqvist () DRIFTBOLAGET COM>
Date: Wed, 13 Dec 2000 13:43:44 +0100

Jay D. Dyson <jdyson () treachery net> wrote:
    As an aside, *don't* use an NMAP Beta version when doing this sort
of thing.  I did that with my first web-scan and Lordy Sweet Jesus, it was
like DoS in a Can.  I had Solaris boxen falling over and dying all over
the place.  Now I use only the last stable release of that utility.  :)

This sounds very bad. Can someone verify that?


Bugtraq, Sept 22 1999, http://www.securityfocus.com/archive/1/28337 lists
this. Note that this was done with nmap V 2.08 (not beta, AFAIK) using the
-O switch.

I've also seen reports on HP printers, Suns and X-servers crashing under the
situation where a powerful scanner had a very good connection to the scanned
target, together with using sockop SO_DONTLINGER so it doesn't do a FIN, but
sends RST directly.


/Johan

-- 
Johan Lindqvist
Security Specialist


DRIFTBOLAGET AB OLOF ASKLUNDSG 10 421 30 VÄSTRA FRÖLUNDA SWEDEN
PHONE: +46 8-23 92 00 FAX: +46 709-73 46 70
DIRECT: +46 31-760 43 07 MOBILE: +46 709-73 87 07 
johan.lindqvist () driftbolaget com http://www.driftbolaget.com

