Nmap Development mailing list archives
Known issues with nmap and TOE?
From: Brian Milliron <brian.milliron () foresite com>
Date: Thu, 1 Jul 2021 11:06:32 -0500
Recently I had an nmap scan (flags -n -A and -p 1-65535) DoS a customer's network. This is the first time I have encountered this so I did some digging to find out what went wrong. The scan logs stop on some network hardware from Chelsio Communications. I'm not familiar with them, but they sell a line of products that seem to be involved in some kind of TCP offloading which they call Unified Wire and Protocol Acceleration. From what I can tell there is some transparent proxy going on which breaks the connection between sender and receiver. It isn't clear to me how or why this would result in a DoS condition. (the bandwidth generated by the scan overloaded a 10G switch) I wanted to see if there are any known issues with nmap scans on a network using TOE generally or Chelsio Communications equipment specifically and to suggest nmap develop some monitoring features to detect/prevent this from occuring. _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Known issues with nmap and TOE? Brian Milliron (Jul 01)