Nmap Development mailing list archives

Re: NMAP brings down Exchange Cluster?


From: Michael Pattrick <mpattrick () rhinovirus org>
Date: Fri, 6 May 2011 18:07:47 -0400

With your command line parameters Nmap is not establishing a full tcp connection, let alone sending any data to server 
software.

These half open tcp sessions are quickly cleaned up, so the instability couldn't be caused by a syn flood either.

On 2011-05-06, at 9:48 AM, "Siegle, Christopher J." <Christopher.Siegle () klgates com> wrote:

Here are the ports nmap found on one of the cluster machines.  RPC is suspect, but that assumes that nmap is creating 
an endpoint and testing.  I'm not sure it does that.
 
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-term-serv
6001/tcp open  X11:1

From: Hani Benhabiles [mailto:kroosec () gmail com] 
Sent: Friday, May 06, 2011 9:18 AM
To: Siegle, Christopher J.
Cc: Michael Pattrick; nmap-dev () insecure org
Subject: Re: NMAP brings down Exchange Cluster?

It would also be interesting if you could provide some packet capture, or check it yourself, and tell more about at 
what parts of the scan the problems occur.

--Hani

On Fri, May 6, 2011 at 2:10 PM, Siegle, Christopher J. <Christopher.Siegle () klgates com> wrote:
I asked if we could test this against our secondary data center.  I'll share results if the test actually occurs.  
Have you seen this happen before?  What did nmap do to create such a problem?

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Michael Pattrick
Sent: Friday, May 06, 2011 8:58 AM
To: Siegle, Christopher J.
Cc: nmap-dev () insecure org
Subject: Re: NMAP brings down Exchange Cluster?

Both an interesting and testable assertion! Do these crashes occur mid scan? If so, you could be partially to 
blame (along with whoever configured such a delicate Exchange installation). If not, try to give up scanning for a few 
weeks; Nmap is off the hook if more infrastructure problems occur.

The command line parameters you gave are quite benign, and shouldn't be capable of taking down any server. So I doubt 
Nmap is to blame.

-M

On 2011-05-05, at 9:18 AM, "Siegle, Christopher J." <Christopher.Siegle () klgates com> wrote:

Hi nmappers.

Recently, my infrastructure peers have asserted that my use of nmap to scan our data center has caused various 
problems including bringing down FOLB clusters (Exchange servers).  Although I think this is highly unlikely, I 
wanted to get some feedback on this issue.

I am using the following command line switches:

-T3
-sS
-F
-O
-oX

sometimes d4

I appreciate your time.

==================================
Christopher J. Siegle "Chris"
Software Architect
K&L Gates, LLP
K&L Gates Center
210 Sixth Avenue
Pittsburgh, PA 15222-2613 (412) 355-8659
mailto:christopher.siegle () klgates com



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
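
The thread asks for a packet capture to see what the scan actually did to the server. One way to read such a capture is to classify each TCP flow by how far its handshake progressed. This is an added example, not code from the thread or from Nmap; the packet rows, addresses and state names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (time, src, sport, dst, dport, tcp_flags) rows as they might
# be exported from a capture. Addresses are documentation ranges, not real hosts.
SCANNER, CLIENT, SERVER = "192.0.2.10", "192.0.2.77", "198.51.100.5"
SAMPLE = [
    (0.000, SCANNER, 40001, SERVER, 135, "S"),
    (0.001, SERVER, 135, SCANNER, 40001, "SA"),
    (0.002, SCANNER, 40001, SERVER, 135, "R"),   # SYN scan: reset instead of ACK
    (0.010, SCANNER, 40002, SERVER, 81, "S"),
    (0.011, SERVER, 81, SCANNER, 40002, "RA"),   # closed port refuses
    (0.020, CLIENT, 51000, SERVER, 445, "S"),
    (0.021, SERVER, 445, CLIENT, 51000, "SA"),
    (0.022, CLIENT, 51000, SERVER, 445, "A"),    # ordinary client completes handshake
    (0.023, CLIENT, 51000, SERVER, 445, "PA"),   # and sends application data
    (0.030, SCANNER, 40003, SERVER, 3389, "S"),  # no reply captured
]

def classify_flows(packets):
    """Map (client, cport, server, sport) to how far the TCP handshake got."""
    flows = {}
    for _ts, src, sport, dst, dport, flags in sorted(packets):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S" and fwd not in flows:
            flows[fwd] = "syn-unanswered"
        elif flows.get(rev) == "syn-unanswered":      # first reply from the server
            if flags == "SA":
                flows[rev] = "syn-ack-seen"
            elif "R" in flags:
                flows[rev] = "refused"
        elif flows.get(fwd) == "syn-ack-seen":        # client's answer to SYN/ACK
            if "R" in flags:
                flows[fwd] = "half-open-reset"        # handshake torn down, no data sent
            elif "A" in flags:
                flows[fwd] = "established"            # full three-way handshake
    return flows

def summarize(flows):
    """Count handshake outcomes per client address."""
    counts = defaultdict(lambda: defaultdict(int))
    for (client, _cport, _server, _sport), state in flows.items():
        counts[client][state] += 1
    return {client: dict(states) for client, states in counts.items()}

if __name__ == "__main__":
    for client, states in summarize(classify_flows(SAMPLE)).items():
        print(client, states)
```

A source whose flows are all `half-open-reset`, `refused` or `syn-unanswered` never completed a handshake with any service, which is the behaviour described at the top of the thread for a `-sS` scan.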