Nmap Announce mailing list archives
Re: Safe scanning
From: "James D. Watson" <jwatson0 () erols com>
Date: Tue, 21 Mar 2000 22:24:49 -0500
Hello, In case you're interested, here's a little war story that is _not_ nmap related, but which an nmap scan identified for us. Sorry if this is old news. A bunch of our Solaris 2.5 boxes had an incorrect file entry for the Font Server ("fs" service, port 7100) in /etc/inet/inetd.conf. It referenced a file that doesn't exist or at least didn't exist where inetd.conf was looking (sorry, can't remember what it is right now). (I think the file was fs.auto?) Anyway, any connection to port 7100 on those machines would sent inetd into a tight fork()/exec()[failed, ENOENT] loop and spin up the CPU usage to 100%. In our case, we triggered this on a bunch of boxes with an nmap scan; once we discovered the bug we were able to be more careful -- in our case, we didn't scan port 7100 and sent out an alert to our admins to clean up their boxes. Hope that's useful. -jw
Current thread:
- Safe scanning Teolicy (Mar 21)
- Re: Safe scanning andy lowton (Mar 21)
- Re: Safe scanning Bruce Fraser (Mar 21)
- <Possible follow-ups>
- Re: Safe scanning Jonathan Day (Mar 21)
- Re: Safe scanning Alek O. Komarnitsky (Mar 21)
- Re: Safe scanning James D. Watson (Mar 21)