Firewall Wizards mailing list archives
Re: Pix crashing with ISS snmp checks
From: Adam Shostack <adam () homeport org>
Date: Thu, 4 Mar 1999 10:21:43 -0500
On Wed, Mar 03, 1999 at 06:10:57PM -0500, Eric Budke wrote: | I'm trying to track down version numbers for this, but it appears that with | ISS 5.6.2 in the snmp check section that we successfully killed a pix | router (the OS version is in question). | | Is there a habit of this happening? | We weren't running DOS checks, and I haven't been able to try other snmp | checks against it...client is a little hesitant until after their | post-mortem. The problem here is not with ISS, but with the PIX. If I can run an easily available tool and crash your firewall, you have a serious problem. There are checks in every security scanner which will crash a target unexpectedly; scanners, by their nature, work outside the bounds that the system designers anticipated. We all try to minimize the DOS effects, and ensure that we warn you when you hit them, but a firewall really should be able to handle the full bore scan without blinking. If it repeatedly can't, I urge you to get a refund. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Current thread:
- Pix crashing with ISS snmp checks Eric Budke (Mar 04)
- Re: Pix crashing with ISS snmp checks Adam Shostack (Mar 05)
- Re: Pix crashing with ISS snmp checks Eric Budke (Mar 05)
- Re: Pix crashing with ISS snmp checks Ted Doty (Mar 06)
- Re: Pix crashing with ISS snmp checks David LeBlanc (Mar 09)
- Dialog on Microsoft's Proxy server? Don Tuer (Mar 10)
- RE: Dialog on Microsoft's Proxy server? Peter Hunt (Mar 11)
- RE: Dialog on Microsoft's Proxy server? David LeBlanc (Mar 12)
- Re: Dialog on Microsoft's Proxy server? Phil Cox (Mar 11)
- Re: Pix crashing with ISS snmp checks Eric Budke (Mar 05)
- Re: Pix crashing with ISS snmp checks Adam Shostack (Mar 05)
- <Possible follow-ups>
- Re: Pix crashing with ISS snmp checks H. Morrow Long (Mar 06)