Penetration Testing mailing list archives
RE: Nmap issues...? or router?
From: Joe Dauncey <toothbrushhead () yahoo com>
Date: Wed, 10 Oct 2001 16:28:49 +0100
I don't know if this is related? It causes a reload when scanned on certain ports and certain levels of IOS.
http://www.cisco.com/warp/customer/707/ios-tcp-scanner-reload-pub.shtml At 22:20 09/10/2001, Ben Tetu-Pappas wrote:
This is a known cisco bug. Their documentation on the bug says something like 'port scanning tools can create a situation where the router CPU utilization goes to 100%'. I don't recall if there is an IOS upgrade to fix this, so call Cisco and ask or go look through their online documentation to see if you IOS is possibly affected. ben tetu-pappas -----Original Message----- From: Josha Bronson To: bluefur0r bluefur0r Cc: pen-test () securityfocus com Sent: 10/7/2001 8:48 PM Subject: Re: Nmap issues...? or router? On Sun, Oct 07, 2001 at 02:39:31AM -0000, bluefur0r bluefur0r said: > After just completeing an audit for a company that has a DS-3 > connection (shared) and a cisco router (2015), One of the first issues > that was found was this: When nmaping using -sS and all ports, 1 nmap > scan nmaping 1 host at a time appeared to completely destroy their > bandwidth... Has anyone heard of this? Could this be a Router or ISP > problem??? It took very long to complete because i needed to use the > -T Polite option. I'm just curious if anyone else has ever encountered > nmap using up all network resources for such a high volume connection. > Any help would be appreciated so this never happens again. *Luckily I > started after hours* > blue Yes, I've seen this before. During and internal audit, one laptop scaning with nmap brought a LAN router to 100% CPU utilization. I think that the router had to be rebooted, but I can't remember. The router was a Cisco, of the 7000 series I believe. Sorry for the lack of facts, it was a while ago... I've meant to look into it again and try to pin down exactly what is going on here, but there never really seems to be a good time to nail a router that is in use, according to management. I've also spoken about this with a few other folks who have seen the same thing. Anyway, someone with spare time and a test network with a Cisco router should probably try and figure out what causes this. :) -- josha.bronson(aka->dmuz) >> dmuz () angrypacket com networks/systems/security && CCNA, RHCE josha.net || dmuz.angrypacket.com ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Joe Dauncey Email: toothbrushhead () yahoo com PGP Key ID: 0xEAA034D4 _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Nmap issues...? or router? bluefur0r bluefur0r (Oct 07)
- Re: Nmap issues...? or router? Stephen Perciballi (Oct 09)
- Re: Nmap issues...? or router? Blake Frantz (Oct 09)
- Re: Nmap issues...? or router? Ilici Ramirez (Oct 09)
- Re: Nmap issues...? or router? Alex Butcher (Oct 09)
- Re: Nmap issues...? or router? Josha Bronson (Oct 09)
- <Possible follow-ups>
- RE: Nmap issues...? or router? Ben Tetu-Pappas (Oct 09)
- Re: Nmap issues...? or router? William McVey (Oct 12)
- RE: Nmap issues...? or router? Joe Dauncey (Oct 10)