Re: Pix crashing with ISS snmp checks

["H. Morrow Long" <morrow.long () yale edu>]

budke () budke com wrote:
> Oh, I fully understand/agree that this is a pix problem.  I was curious as
> to how widespread or known it may be.  One would think that the scanners or
> people running them would hit a number of pix firewalls.  I thought I was
> going to get reprimanded for having missed an advisory.
>
> Out of curiosity, how well can one determine where/when ISS stopped
> checking. The /tmp logs seem to give some indication, but nothing concrete,

In the Windows NT GUI version you can doubleclick on the machine being
scanned and then on the 'tab' with the icon for 'Status' to see the current
state/progress.  You can also click on the 'Vulnerabilities' tab to see the
security vulnerabilities found by name and ranked (H,M,L) by color.

> and unless I'm running a sniffer on the net at the same time, how does one
> go about determining which state your at.  ...

One way would be to try to isolate down to one ISS test (e.g. in this case
one of the SNMP ISS tests) and still reproduce the same result.

Turn off all of the other ISS tests and then divide and conquer (ie. by the
binary search method) down to just the SNMP test which causes the problem
(if it still does).

- Morrow