Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Known issues with nmap and TOE?

From: Brian Milliron <brian.milliron () foresite com>
Date: Thu, 1 Jul 2021 11:06:32 -0500
Recently I had an nmap scan (flags -n -A and -p 1-65535) DoS a
customer's network. This is the first time I have encountered this so I
did some digging to find out what went wrong. The scan logs stop on
some network hardware from Chelsio Communications. I'm not familiar
with them, but they sell a line of products that seem to be involved
in some kind of TCP offloading which they call Unified Wire and
Protocol Acceleration. From what I can tell there is some transparent
proxy going on which breaks the connection between sender and receiver.
It isn't clear to me how or why this would result in a DoS condition.
(the bandwidth generated by the scan overloaded a 10G switch)

I wanted to see if there are any known issues with nmap scans on a
network using TOE generally or Chelsio Communications equipment
specifically and to suggest nmap develop some monitoring features to
detect/prevent this from occuring.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: