Full Disclosure mailing list archives
Re: Should nmap cause a DoS on cisco routers?
From: Fyodor <fyodor () insecure org>
Date: Tue, 6 Jul 2010 23:15:52 -0700
On Thu, Jul 01, 2010 at 08:01:26PM -0400, Dan Kaminsky wrote:
Permanent DoS's are unacceptable even from intentionally malicious traffic, let alone a few nmap flags.
Hi Dan. I Agree, and this wasn't even a very intense Nmap scan (see Brandon Enright's summary at http://seclists.org/pen-test/2010/Jun/68).
I will grant you that network isolation is indeed best practice, but broken code is not something to apologize for or mitigate against. It's something to apply real pressure against. If we can't get pissed, how is that QA guy supposed to block shipment?
Absolutely! And while people are in a mood to pressure vendors of crappy networking devices, please talk to Hewlett-Packard! Out of all the devices, operating systems, ports, and protocols out there, only one is so fragile and insecure that we had to exclude it from Nmap version detection by default. That is HP JetDirect (TCP ports 9100-9107). No matter what random crap you spew at the port, it will generally either crash the machine or start spewing out paper. When Nmap version detection was first released 7 years ago, we had so much immediate feedback about HP printer problems that we "temporarily" blocked those ports by default to give HP a chance to fix the problems. We're still waiting for that to happen! The HP printer I bought this year still goes haywire and starts beeping and spewing paper if I enable the HP JD ports by scanning it with "nmap -A --allports hostname". We even tried to understand the protocol and wrote a cute little Nmap NSE script to set an HP printer's status message (to things like "insert 25 cents", heh). Even that simple program, which didn't require any authentication, crashed HP printers so often that we abandoned development. Pardon my mini-rant, but I agree completely that network device makers such as HP need to start showing some resiliency. If Nmap can crash them by accident, how can they be expected to hold up to real attacks? Cheers, Fyodor _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Should nmap cause a DoS on cisco routers?, (continued)
- Re: Should nmap cause a DoS on cisco routers? Dan Kaminsky (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? AMILABS (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Thierry Zoller (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Thierry Zoller (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Dan Kaminsky (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Mailing lists at Core Security Technologies (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Fyodor (Jul 06)
- Re: Should nmap cause a DoS on cisco routers? coderman (Jul 07)
- Re: Should nmap cause a DoS on cisco routers? Benji (Jul 08)
- Message not available
- Re: Should nmap cause a DoS on cisco routers? coderman (Jul 08)
- Re: Should nmap cause a DoS on cisco routers? Florian Weimer (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Thierry Zoller (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Champ Clark III [Softwink] (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Christian Sciberras (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Champ Clark III [Softwink] (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Michal (Jul 02)