Re: Should nmap cause a DoS on cisco routers?

[Thierry Zoller <Thierry () Zoller lu>]

Slippery Slopes everywhere :

DR> Again, causing the RP CPU to go to 100% due to punted
DR> management-plane traffic isn't a new phenomenon
1. Nobody claimed it to be a new phenomenon
2. He is not saturating anything.

DR> Of course PSIRT will ask for details, as they should; my point is
DR> that there's likely nothing new to see here,
Oh that's the point now? I thought your point was that it is not a security "bug".
I agree on the "nothing new"  here,  "new" however  is  not a relevant attribute to
decide on whether it is a vulnerability or not.

DR> Even if there is something new, here - which I doubt - it's
DR> important that folks understand that there are BCPs they can
We   heard   your  BCPs  and  XZY  clearly,  doesn't make it less of a
vulnerability.

DR> The original poster asked if this were a configuration issue -
DR> and the answer is, yes
Interesting, how do you know ?
1. you do not know what caused the problem
2. you do obviously do not know what packets caused the problems

If   it   is   a  default  configuration  and you can remotely cause a
denial of service condition  :  it  is a vulnerability.

If   it   is   a non standard configuration  and you can remotely cause a
denial of service condition  :  it  is a vulnerability.

DR> vulnerabilities - as opposed to merely saturating the RP of a
DR> given network device with management-plane traffic.  Some of them
Last  time  :  He appears to not be saturating anything. nmap -sV does
surely not create saturisation...

DR> And many of them could be mitigated via BCPs until such time as
DR> fixed code could be deployed, as well.
There it is again, BCP. Is this the new "IDS" ?



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/