Nmap Announce mailing list archives

Re: Safe scanning

From: "James D. Watson" <jwatson0 () erols com>
Date: Tue, 21 Mar 2000 22:24:49 -0500

Hello,

  In case you're interested, here's a little war story that is _not_ nmap
related, but which an nmap scan identified for us.  Sorry if this is old
news.

  A bunch of our Solaris 2.5 boxes had an incorrect file entry for the Font
Server ("fs" service, port 7100) in /etc/inet/inetd.conf.  It referenced a
file that doesn't exist or at least didn't exist where inetd.conf was
looking (sorry, can't remember what it is right now).  (I think the file was
fs.auto?)

  Anyway, any connection to port 7100 on those machines would sent inetd
into a tight fork()/exec()[failed, ENOENT] loop and spin up the CPU usage to
100%.  In our case, we triggered this on a bunch of boxes with an nmap scan;
once we discovered the bug we were able to be more careful -- in our case,
we didn't scan port 7100 and sent out an alert to our admins to clean up
their boxes.

  Hope that's useful.

-jw

Current thread:

Safe scanning Teolicy (Mar 21)
- Re: Safe scanning andy lowton (Mar 21)
- Re: Safe scanning Bruce Fraser (Mar 21)
- <Possible follow-ups>
- Re: Safe scanning Jonathan Day (Mar 21)
- Re: Safe scanning Alek O. Komarnitsky (Mar 21)
- Re: Safe scanning James D. Watson (Mar 21)