Penetration Testing mailing list archives
RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs?
From: "Brahnda A. Eleazar" <brahnda.e () hermisconsulting com>
Date: Thu, 29 May 2008 09:33:09 +0700
Peace Adriano, Which HP-UX was it? Was it and 11.x one? Thanks and Regards, =ele= -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adriano Leite (DHL CZ) Sent: Tuesday, May 27, 2008 2:40 PM To: pen-test () securityfocus com Subject: RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Just to complement, I also have seen it happening in non-patched HPUX servers more or less a year ago... That's why we have to think twice on running even a "simple" portscan in production systems... :) Adriano Dias Leite Global -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Brahnda A. Eleazar Sent: Monday, May 26, 2008 4:09 AM To: pen-test () securityfocus com Subject: RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Peace all, Many thanks for your comments... For those of you bet on the IP stack problem, you win :) We redid the scan last weekend to make sure of this. The problem is more of the limitation of the OS/machine being scanned.
From all the AS/400 machines being scanned, only the 730 machine was
seriously affected by nmap probes. It automatically assign a user for the TCP/IP connection and started numerous jobs (which had to be manually ended for them to stop). The rest of them didn't have this problem -- newer machines and OS-es. I agree with Jon that networking in this AS/400 is much more like an add-on after thought :) And it's pure luck in my opinion that no one before this brought the machine down (they have a team which also does ports scanning to their production servers, including this problematic one). Oh well, at least I learned something new =) Thanks and Regards, =adley= -----Original Message----- From: Rick Zhong [mailto:sagiko () gmail com] Sent: Saturday, May 17, 2008 2:50 PM To: Brahnda A. Eleazar Cc: pen-test () securityfocus com Subject: Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? I will put my bet on the crash of IP stacks as well. Those systems just can't handle the nmap probing packats properly. A very common scenario is the systems open connections and allocate resources, but fail to close them properly. I encountered these cases not only on AS400, some old solaris OS also have similar issues. On Fri, May 16, 2008 at 10:46 AM, Brahnda A. Eleazar <brahnda.e () hermisconsulting com> wrote:
Peace all, I am wondering whether this is related or not. I was in the middle of beginning a pentest activity for a network segment
containing quite a number of AS400 (Production).
I started with a simple nmap first to see what I am facing. My command was (IPs are masked) "nmap -sV -vv -p 8470-8476 -o
firsttry_port.nmap xxx.xxx.xxx.0/24"
This lasted for about 15 minutes. After about 2 hours later, 2 out of 50+ identifiable machines started
having problems.
They became very slow. Those two machines are using ASP (Auxiliary Storage Pools), 1 ASP on the
1st machine and 2 ASPs on the 2nd.
I just want to get more information whether my nmap did anything "bad"? :) Thanks and Regards, =adley= ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- RE: username and Password sent as clear text strings, (continued)
- RE: username and Password sent as clear text strings Shenk, Jerry A (May 15)
- RE: username and Password sent as clear text strings Jones, David H (May 15)
- Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Brahnda A. Eleazar (May 15)
- Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Jon Kibler (May 16)
- RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Newton, Preston (May 16)
- Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? pand0ra (May 16)
- Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? pand0ra (May 16)
- Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Rick Zhong (May 17)
- RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Brahnda A. Eleazar (May 26)
- RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Adriano Leite (DHL CZ) (May 28)
- RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Brahnda A. Eleazar (May 28)
- Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Brahnda A. Eleazar (May 15)
- Re: username and Password sent as clear text strings David Howe (May 21)
- Re: username and Password sent as clear text strings Matthew Zimmerman (May 22)
- Re: username and Password sent as clear text strings David Howe (May 23)