Re: Port scan causing system crashes

• Previous message: Anthony Kim: "Re: Port scan causing system crashes"
• In reply to: Renaud Deraison: "Re: Port scan causing system crashes"
• Next in thread: Helmut Springer: "Re: Port scan causing system crashes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 12 Jun 2003 17:00:03 -0400
To: pen-test@securityfocus.com

I should have added that this particular test was done in a lab setting ; ) . In general, your scanning methodology should take into account the vagaries of a network's critical infrastructure, and arrangements should be made to have appropriate personnel available to fix what might break. So don't go taking out all the switches at a remote site in the off hours.

Now a nice thing would be to have your network/ops group include "ability to survive reasonable vulnerability scans" as part of their system requirements, and/or incorporate such probes in acceptance testing for production rollouts. But in this vale of tears we take what we are sent ; )

Clem Skorupka

Renaud Deraison wrote:

> On Thu, Jun 12, 2003 at 11:55:26AM -0400, Clem Skorupka wrote:
>
> > I had a case where an rpc scan using nessus (I forget the particular module or if it was the nmap precursor scan, this was a couple of years ago) against some large range of ports knocked out an allegro-based embedded web server on a network switch. It didn't crash this particular switch (though one had to reboot the switch in order to bring back the web interface).
>
> The bottom line is that as soon as you start to interfere with another
> host, you can never predict how it will react to actions that it has
> never been designed to handle, so no scan is totally risk-free[1], and
> it's often very hard to find the balance between a 99.9% accurate
> security audit and a non-intrusive one. Note that this does not only
> affects Nessus+Nmap, but any network vulnerability scanner.

snip

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Anthony Kim: "Re: Port scan causing system crashes"
• In reply to: Renaud Deraison: "Re: Port scan causing system crashes"
• Next in thread: Helmut Springer: "Re: Port scan causing system crashes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: U R G E N T - WHY IN THE HELL IS FP 2002 SUDDENLY GHOSTING BODY CONTENTS? ... Do you have the Service Packs installed? ... Make sure you (and your host) see & apply patches from: ... For Unix server problems on the FP2002 SE see ... > bottom, and all of what use to be at the bottom of the page is now gone! ... (microsoft.public.frontpage.client) Re: Finding out original source of e-mail ... This bit at the bottom is the transcript of the original email. ... bounce messages include it, some do not. ... Host not found. ... (freebsd-questions) Re: double shared border on bottom ... Check the page in FrontPage, ... This was running fine before on my host but then I ... file on my computer that seems to really like this bottom border......any ... >> To assist you in getting the best answers for FrontPage support see: ... (microsoft.public.frontpage.programming) Re: Your Host Is Your Friend? ... LOL, yeah, remember who your host really answers to. ... the bottom of that page too. ... (alt.vacation.las-vegas) Re: debugging mode ... My reply is at the bottom of your sent message: ... > what can i do in debugging whent to f8 on start up and found this ... applications that interfere. ... You can restore. ... (microsoft.public.windowsxp.general)