Re: HACMP and port scansFrom: Andrew Leonard (firstname.lastname@example.org)
- Previous message: Ali, Farrad: "RE: HACMP and port scans"
- In reply to: Eoin D. Fleming: "HACMP and port scans"
- Next in thread: Jordan Klein: "Re: HACMP and port scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: email@example.com Subject: Re: HACMP and port scans Message-ID: <firstname.lastname@example.org> Date: Tue, 25 Sep 2001 11:08:23 -0700 (PDT) From: Andrew Leonard <email@example.com>
Quoting "Eoin D. Fleming" <firstname.lastname@example.org>:
> It appears that IBM's HACMP 4.4 clustering software can be induced to
> fail simply by port scanning clustered machines, has anyone come accross
> this vulnerability and is there a workaround?
I have not seen this particular vulnerability, having never used HACMP.
However, I did see a very similar thing on Compaq's TruCluster product two jobs
ago: If port-scanned from a machine without a PTR record in DNS, the cluster
would develop split-brain syndrome. At management's request, this was kept
quiet (as in, not posted here), and we worked with Compaq to develop a patch.
This was back in 1999, and applied to TruCluster 1.5 (I think...). I never saw
an advisory about this from Compaq, so as far as I know this was quietly rolled
into TruCluster updates.
-- Andrew Leonard Geospiza, Inc. 3939 Leary Way NW Seattle, WA 98107 (206) 633-4403; (206) 633-4415 (fax)