RE: Retina scans caused broadcast storms

From: Evans, Arian (Arian.Evans_at_fishnetsecurity.com)
Date: 11/24/04

  • Next message: Wayne Wooley: "RE: RE: CEH exam & hacking exposed" 
    Date: Wed, 24 Nov 2004 14:55:07 -0600
To: "dale ball" <dale_ball@yahoo.com>

    > -----Original Message-----
    > From: dale ball [mailto:dale_ball@yahoo.com]
    > Sent: Tuesday, November 23, 2004 12:34 PM
    > To: pen-test@securityfocus.com
    > Subject: Retina scans caused broadcast storms
    >
    > Has anyone ever caused a full blown broadcast storm by using
    > the Retina Security Scanner.

    No, but it is possible with any scanner, depending on what
    you are scanning and what port scanning options/ranges you
    have set in Retina (or Nessus or Foundscan or whatever). Some
    older network gear and *nixes will respond pretty happily to
    everyone with a bit of probing.

    Also, if you have fed Retina windows auth credentials and
    told it to do full log-on NTLM scans, and you also have
    speed set to '5', you are 100% guaranteed to see a performance
    impact on systems. Slower workstations may see a significant
    performance impact in application responsiveness and network
    connectivity.

    This can be avoided by using a less aggressive configuration.
    Retina pretty much does what you tell it to.

    HtH

    Arian Evans
    Sr. Security Engineer
    FishNet Security

    KC Office: 816.421.6611
    Direct: 816.701.2045
    Toll Free: 888.732.9406
    Fax: 816.474.0394

    http://www.fishnetsecurity.com

    The information transmitted in this e-mail is intended only for the addressee and may contain confidential and/or privileged material.
    Any interception, review, retransmission, dissemination, or other use of, or taking of any action upon this information by persons or entities
    other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. If you received this communication
    in error, please contact us immediately at 816.421.6611, and delete the communication from any computer or network system.

  • Next message: Wayne Wooley: "RE: RE: CEH exam & hacking exposed"

    Relevant Pages

    • RE: e-eye products
      ... > as, probably new listeners, I follow with interest the Bugtraq ... I am rather new to the security business, ... > know if someone has ever worked with e-eye products. ... Yoyo, yes I do, long time ago I start play with retina ...
      (Focus-IDS)
    • RE: MSBLASTER Infecting despite 03-026 patch?
      ... contiguous ranges input into its interface, ... file and loaded into Retina for scanning from the GUI or from ... | Information Security Technology ... http://eEye.com/Retina - Network Security Scanner ...
      (Incidents)