Full Disclosure mailing list archives
Re: Should nmap cause a DoS on cisco routers?
From: Thierry Zoller <Thierry () Zoller lu>
Date: Thu, 1 Jul 2010 11:28:37 +0200
Hi Shang, If this is possible you have found a vulnerability. Any way to remotely cause DoS with special or harmless code is per se a vulnerability. Instead of telling somebody to not scan with -sV you are better of reporting the vulnerability (ies) Regards, Thierry coc> During my training classes I always tell the -sV switch is coc> dangerous and known to (sometimes) crash the target. coc> Usually a better tool to test open udp ports is unicornscan, but coc> that doesn't have a switch like -iL. Since you are testing your coc> own devices and you know the community string, you could insider coc> to loop through the list of IP's and snmpget a value from the MIB. coc> Cor coc> sent from a mobile device coc> ----Origineel bericht---- coc> Van: Shang Tsung coc> Verzonden: 30-06-2010 13:03:32 coc> Onderw.: Should nmap cause a DoS on cisco routers? coc> Hello, coc> Some days ago, I had the task to discover the SNMP version that our coc> servers and networking devices use. So I run nmap using the following coc> command: coc> nmap -sU -sV -p 161-162 -iL target_file.txt coc> This command was supposed to use UDP to probe ports 161 and 162, which coc> are used for SNMP and SNMP Trap respectively, and return the SNMP coc> version. coc> This "innocent" command caused most networking devices to crash and coc> reboot, causing a Denial of Service attack and bringing down the coc> network. coc> Now my question is.. Should this had happened? Can nmap bring the whole coc> network down from one single machine? coc> Is this a configuration error of the networking devices? coc> This is scary... coc> Shang Tsung coc> coc> ------------------------------------------------------------------------ coc> This list is sponsored by: Information Assurance Certification Review Board coc> Prove to peers and potential employers without a doubt that you coc> can actually do a proper penetration test. IACRB CPT and CEPT coc> certs require a full practical examination in order to become certified. coc> http://www.iacertification.org coc> ------------------------------------------------------------------------ coc> _______________________________________________ coc> Full-Disclosure - We believe in it. coc> Charter: http://lists.grok.org.uk/full-disclosure-charter.html coc> Hosted and sponsored by Secunia - http://secunia.com/ -- http://blog.zoller.lu Thierry Zoller _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Should nmap cause a DoS on cisco routers? Thierry Zoller (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Thierry Zoller (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Florian Weimer (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? AMILABS (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Dan Kaminsky (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Lee (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Thierry Zoller (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 01)