RE: Retina scans caused broadcast storms

• Previous message: Wayne Wooley: "RE: RE: CEH exam & hacking exposed"
• In reply to: dale ball: "Retina scans caused broadcast storms"
• Next in thread: DokFLeed: "Re: Retina scans caused broadcast storms"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'dale ball'" <dale_ball@yahoo.com>, <pen-test@securityfocus.com>
Date: Wed, 24 Nov 2004 16:46:17 -0500

I'm not sure without knowing more about the nature of the scan (how fast you
were running it, whether you were on the local network or doing it remotely,
etc.) but I can think of something that would cause this. Let's say you
have a subnet with 23 stop bits, being about 2 class C's in size. Now
assume that it's only about 25% populated, for example...if you do a port
scan where you assume that hosts cannot be pinged, for every port on each
unused IP you're going to trigger some "who has W.X.Y.Z?" arp requests. And
since those requests, unlike ones for systems that actually do exist, won't
be answered, they also won't be cached anywhere, which means that for EVERY
port you scan, you'll be triggering 75% x 510 = about 380 arp requests. And
if you're scanning really fast...that's going to raise hell with things.

> -----Original Message-----
> From: dale ball [mailto:dale_ball@yahoo.com]
> Sent: Tuesday, November 23, 2004 1:34 PM
> To: pen-test@securityfocus.com
> Subject: Retina scans caused broadcast storms
>
>
> Has anyone ever caused a full blown broadcast storm by using
> the Retina Security Scanner.
>
> Its looks as if I may caused a severe slow down on a network
> recently and think the scanner may have caused it. What I am
> trying to determine is whether existing problems in the
> switching enviroment may have been exaserbated by the use of
> the scanner.
>
> Anybody else ever experience these sorts of issues with Retina?
>
> dale
>
>
>
> __________________________________
> Do you Yahoo!?
> The all-new My Yahoo! - Get yours free!
> http://my.yahoo.com
>
>
>
>

• Previous message: Wayne Wooley: "RE: RE: CEH exam & hacking exposed"
• In reply to: dale ball: "Retina scans caused broadcast storms"
• Next in thread: DokFLeed: "Re: Retina scans caused broadcast storms"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Retina scans caused broadcast storms ... It can be caused by any scanner in cases of running it across subnets. ... Retina scans caused broadcast storms ... Has anyone ever caused a full blown broadcast storm by using the Retina ... The all-new My Yahoo! ... (Pen-Test) Re: Retina scans caused broadcast storms ... Cisco Catalyst Switches did not like the scan. ... on a production network. ... >the scanner may have caused it. ... >Anybody else ever experience these sorts of issues with Retina? ... (Pen-Test) Re: Retina scans caused broadcast storms ... but they should had it fixed, try to use less connections on the OPTIONS, it ... will take more time to scan, but wouldn't hog your network. ... > the scanner may have caused it. ... > Anybody else ever experience these sorts of issues with Retina? ... (Pen-Test) Re: Iptables udp problems ... > another computer on my local network, scanner shows all udp ports ... Are you using nmap on the other computer? ... (comp.security.firewalls) Retina scans caused broadcast storms ... Has anyone ever caused a full blown broadcast storm by using the Retina ... Its looks as if I may caused a severe slow down on a network recently and think ... the scanner may have caused it. ... The all-new My Yahoo! ... (Pen-Test)