Firewall Wizards mailing list archives

Re: Pix crashing with ISS snmp checks


From: Eric Budke <budke () budke com>
Date: Thu, 04 Mar 1999 13:40:17 -0500

At 10:21 AM 3/4/99 -0500, you wrote:


      The problem here is not with ISS, but with the PIX.  If I can
run an easily available tool and crash your firewall, you have a
serious problem.  There are checks in every security scanner which
will crash a target unexpectedly; scanners, by their nature, work
outside the bounds that the system designers anticipated.  We all try
to minimize the DOS effects, and ensure that we warn you when you hit
them, but a firewall really should be able to handle the full bore
scan without blinking.  If it repeatedly can't, I urge you to get a
refund.


Oh, I fully understand/agree that this is a pix problem.  I was curious as
to how widespread or known it may be.  One would think that the scanners or
people running them would hit a number of pix firewalls.  I thought I was
going to get reprimanded for having missed an advisory.

Out of curiosity, how well can one determine where/when ISS stopped
checking? The /tmp logs seem to give some indication, but nothing concrete,
and unless I'm running a sniffer on the net at the same time, how does one
go about determining which state you're at?  Cybercop on the other hand is a
lot more verbose about this, telling you before a test is run that it is
running a test and being able to stop them individually.
--
PGP Key can be found at http://www.panix.com/~budke/pgp/budke_budke_com.txt


