Firewall Wizards mailing list archives

Re: Pix crashing with ISS snmp checks


From: Adam Shostack <adam () homeport org>
Date: Thu, 4 Mar 1999 10:21:43 -0500

On Wed, Mar 03, 1999 at 06:10:57PM -0500, Eric Budke wrote:
| I'm trying to track down version numbers for this, but it appears that with
| ISS 5.6.2 in the snmp check section that we successfully killed a pix
| router (the OS version is in question).
| 
| Is there a habit of this happening?
| We weren't running DOS checks, and I haven't been able to try other snmp
| checks against it...client is a little hesitant until after their
| post-mortem. 

        The problem here is not with ISS, but with the PIX.  If I can
run an easily available tool and crash your firewall, you have a
serious problem.  There are checks in every security scanner which
will crash a target unexpectedly; scanners, by their nature, work
outside the bounds that the system designers anticipated.  We all try
to minimize the DOS effects, and ensure that we warn you when you hit
them, but a firewall really should be able to handle the full bore
scan without blinking.  If it repeatedly can't, I urge you to get a
refund.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume
