Re: Technical Observations on SATAN: Issue: VMS and TCP/IP

[bicknell () ussenterprise async vt edu (Leo Bicknell)]

> I do some admin stuff at GMU, and while one of the other admin's here
> was running it against our subnet we encountered a crash. We've got
> a Paragon, and on the heavy scan it crashed during the test. We havn't
> isolated why yet, but suspect that it was becasue it was being hammered
> quite fast. This was after the "light & med" tests hasd passed. That
> machine is fairly tight, so it wasn't a matter of there being alot
> of ports open or anything... Anyway it didn't happen again, and we
> really ~obviously~ arn't looking to replicate it, particlularly on
> this machine, but I'd be interested to hear of any similar stuff
> from other folks.

        I run a Paragon here, and just finished a Satan run on our
departmetnal subnet.  We also have 3 VAXen on that subnet.  In all of
our scanning no machines crashed (save a SCO box with broken snmpd
that belived it should remove all it's routes...it's no longer running
snmpd).  Our largest problem was that the heavy scan produces all
sorts of interesting console and syslog messages on OSF/1 and Ultrix
machines, so many people were asking questions about it.

        I'd say any machine that crashes because of SATAN is quite
broken, it should be reporting error messages about the strange
packets.  If it crashed, go complain to your vendor, denial-of-service
is not fun.

-- 
Leo Bicknell - bicknell () vt edu                     | Make a little birdhouse
               bicknell () csugrad cs vt edu          | in your soul......
               bicknell () ussenterprise async vt edu | They Might
http://ussenterprise.async.vt.edu/~bicknell/       | Be Giants