Nmap Development mailing list archives
RE: NMAP brings down Exchange Cluster?
From: "Siegle, Christopher J." <Christopher.Siegle () klgates com>
Date: Fri, 6 May 2011 09:48:15 -0400
Here are the ports nmap found on one of the cluster machines. RPC is suspect, but that assumes that nmap is creating an endpoint and testing. I'm not sure it does that. PORT STATE SERVICE 80/tcp open http 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 3389/tcp open ms-term-serv 6001/tcp open X11:1 ________________________________ From: Hani Benhabiles [mailto:kroosec () gmail com] Sent: Friday, May 06, 2011 9:18 AM To: Siegle, Christopher J. Cc: Michael Pattrick; nmap-dev () insecure org Subject: Re: NMAP brings down Exchange Cluster? It would be also interesting if you could provide some packet capture or check it yourself and tell more about at what parts of the scan the problems do occur. --Hani On Fri, May 6, 2011 at 2:10 PM, Siegle, Christopher J. <Christopher.Siegle () klgates com<mailto:Christopher.Siegle () klgates com>> wrote: I asked if we could test this against our secondary data center. I'll share results if the test actually occurs. Have you seen this happen before? What did nmap do to create such a problem? -----Original Message----- From: nmap-dev-bounces () insecure org<mailto:nmap-dev-bounces () insecure org> [mailto:nmap-dev-bounces () insecure org<mailto:nmap-dev-bounces () insecure org>] On Behalf Of Michael Pattrick Sent: Friday, May 06, 2011 8:58 AM To: Siegle, Christopher J. Cc: nmap-dev () insecure org<mailto:nmap-dev () insecure org> Subject: Re: NMAP brings down Exchange Cluster? Both an interesting and testable assertion! Do these crashes occur mid scan? If so, you could be partially to blame(along with whoever configured such a delicate exchange installation). If not, try to give up scanning for a few weeks, Nmap is off the hook if more infrastructure problems occur. The command line parameter you gave are quite benign, and shouldn't be capable of taking down any server. So I doubt Nmap it to blame. -M On 2011-05-05, at 9:18 AM, "Siegle, Christopher J." <Christopher.Siegle () klgates com<mailto:Christopher.Siegle () klgates com>> wrote:
Hi nmappers. Recently, my infrastructure peers have asserted that my use of nmap to scan our data center has caused various problems including bringing down FOLB clusters (Exchange servers). Although I think this is highly unlikely, I wanted to get some feedback on this issue. I am using the following command line switches: -T3 -sS -F -O -oX sometimes d4 I appreciate your time. ================================== Christopher J. Siegle "Chris" Software Architect K&L Gates, LLP K&L Gates Center 210 Sixth Avenue Pittsburgh, PA 15222-2613 (412) 355-8659<tel:%28412%29%20355-8659> mailto:christopher.siegle () klgates com<mailto:christopher.siegle () klgates com> This electronic message contains information from the law firm of K&L Gates LLP. The contents may be privileged and confidential and are intended for the use of the intended addressee(s) only. If you are not an intended addressee, note that any disclosure, copying, distribution, or use of the contents of this message is prohibited. If you have received this e-mail in error, please contact me at Christopher.Siegle () klgates com<mailto:Christopher.Siegle () klgates com>. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NMAP brings down Exchange Cluster? Siegle, Christopher J. (May 05)
- Re: NMAP brings down Exchange Cluster? Michael Pattrick (May 06)
- RE: NMAP brings down Exchange Cluster? Siegle, Christopher J. (May 06)
- Re: NMAP brings down Exchange Cluster? Hani Benhabiles (May 06)
- RE: NMAP brings down Exchange Cluster? Siegle, Christopher J. (May 06)
- Re: NMAP brings down Exchange Cluster? Michael Pattrick (May 06)
- RE: NMAP brings down Exchange Cluster? Siegle, Christopher J. (May 06)
- Re: NMAP brings down Exchange Cluster? Michael Pattrick (May 06)
- Re: NMAP brings down Exchange Cluster? Verde Denim (May 06)