Bugtraq mailing list archives

RE: DoS bug on Tru64


From: Roberts Ross <Ross.Roberts () alcatel com>
Date: Wed, 30 Jan 2002 13:56:43 -0500

From: Jason Johns - SAS(IT) [mailto:JJohns () SAS Samsung com]

> Today we were using nmap to scan our network and when we scanned our
> Tru64 machines, telnet and ftp froze and timed out. We could not make

As another data point, I ran nmap against one of our systems and managed to
kill rpc.lockd. Made for a bad situation as the box accesses its Oracle
databases from a NetApp Filer. :)

By and large, the OS appears to handle portscans rather badly. I've had many
services (lockd mentioned above, telnet, ftp, snmp, ttdbserverd among
others) either momentarily freeze or flat out die. Thus, I've made it a goal
to secure the boxes as well as possible (tcpwrappers, etc.).

> We are running Tru64 Unix 4.0D patch kit 3 on Alpha 4100's and 8400's.
> The nmap command line that was used is:
> nmap -T Polite -O -p 23,139 -oM /tmp/lst 'xxx.xxx.16-44.*'

We have Tru64 5.1 & 5.1A running on 2100s, 4100s & DS20s. The box which had
lockd freak out was a DS20. 

fwiw.. NEVER run nmap against a production Alpha box outside of your
maintenance window.. at ANY nice level. No es bueno. SelfLART already
administered.

You can all laugh at my expense now,

-r
--
-Ross Roberts
 Unix/Network Administrator
 Alcatel Telecommunications Cable

