Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Using nmap portscan against Solaris 9 with Netbackup 6 causes problems

From: "COMTE Guillaume" <herodote.comte () gmail com>
Date: Tue, 19 Feb 2008 19:21:18 +0100
Hi all,
I'm working in a datcenter and since 2 weeks now i'm trying to use nmap to
profile the network we have (os detection, services).
On this net we got 1200 box about 700 of them got a unix like system (Linux
2.4/2.6 AIX 5.1/5.2/5.3 Solaris 8/9/10) and type of hardware is very large,
Linux are usually on Xseries IBM models 335/336/445/3550, AIX on Power
4/4+/5/5+ from B80 to PL6450R, Solaris are on PP250/450/650/850 or SUN
V440/480 and older sun hardware like E420R)

So, i scan from a linux box running 2.6.9 RHEL4 kernel, using this command:

nmap -O -T4 our_net/our_netmask

So, at this point no problems with most of our servers, but... three of them
got their network connection down after the scan.

I've scan like this 4 times, and the admin of the 3 netbackup box warned me,
he've got 4 times his net down, then i analyse and it's no doubt, nmap
causes Solaris 9 with netbackup 6 on a prime power 450 to crash the ethernet
card, no logs on the solaris, only the exact time when then ethernet card
said : link down...  for no good reason, the cable is still plugged into the
server
.
The state of the network interface cannot be changed even if you unplugged
then plugged the cable from the box or the switch (which is a nortel 5510,
100 and 10000 bps, remember there is 3 boxes in this case and not plugged
into the same switch 2 of them are gigabyte and 1 is 100Mbps, so i think the
problem doesn't comes from the switch), i went to talk to network admin, and
the others boxes connected to the switch still run, so the prob affect only
the Solaris+netackup ones...
To use again the ethernet card that dropped down, i've got to reboot the
box, on these boxes there is others ethernet card, so if i plug the cable on
another ethernet it work again...

Any clue , or guidelines to solve this problems ?

I think that it's a solaris bug, so far, i will DDOS all netbackup running
with nmap, i can believe that...

Thks
Guillaume

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: