Nmap Announce mailing list archives
Re: <OFFTOPIC??> nmap -sT scan freezes HP-UX server ???
From: Lamont Granquist <lamontg () raven genome washington edu>
Date: Sat, 6 Feb 1999 09:55:22 -0800
this isn't at all offtopic. it is known that a -sT scan will denial-of-service attack inetd's on various different systems. this is caused by some incorrect code in inetd when dealing with internal services like daytime, and is prevented by turning those services off. there have been some other reports of -sS trashing some other systems (see relevant threads on BUGTRAQ). i just tried this against both of the HP-UXs that we're running and i couldn't duplicate it. could you send more information? what OS were these machines running exactly? (give a uname -a if you can) what services were these machines running exactly? (nmap outpout would be nice) how consistant were the DoS attacks? did all the scanned machines of one type go down? did half of them go down? did one out of 10 of the scanned machines go down? can you replicate it consistantly against any of the target machines (admins of these machines might not like you to do this of course...). also, if you could try it again and see if it was the -sT scan or the -O scan that caused the crash (try -sT without -O and try -O with a -sS giving a single known-to-be-open port to -p). On Sat, 6 Feb 1999, Agustin Navarro wrote:
Sorry if this is off topic but I think you may be interested to know this problem that I had with nmap. I wanted to know the number of servers in a large intra-net of the company I work for. So I started an nmap scan wit the following command: %nmap -sT -O -p 1-1024 -n -m nmaplog.txt XXX.YYY.*.* The next day, the people from the field operations department told me that the scan had caused the HP-UX servers to freeze but could not explain why this could have happened. My questions: Is it reasonable to expect something like this to happen ? Have any of you heard anything like this before ?? -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Agustin Navarro P. anavarro () vip eniac com 58.2.9630746
-- Lamont Granquist lamontg () raven genome washington edu Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344 Box 352145 / University of Washington / Seattle, WA 98195 PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka
Current thread:
- <OFFTOPIC??> nmap -sT scan freezes HP-UX server ??? Agustin Navarro (Feb 06)
- Re: <OFFTOPIC??> nmap -sT scan freezes HP-UX server ??? Olaf Selke (Feb 06)
- Re: <OFFTOPIC??> nmap -sT scan freezes HP-UX server ??? Lamont Granquist (Feb 06)