Nmap Development mailing list archives

RE: NMAP brings down Exchange Cluster?


From: "Siegle, Christopher J." <Christopher.Siegle () klgates com>
Date: Fri, 6 May 2011 09:48:15 -0400

Here are the ports nmap found on one of the cluster machines.  RPC is suspect, but that assumes that nmap is creating 
an endpoint and testing.  I'm not sure it does that.

PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-term-serv
6001/tcp open  X11:1

________________________________
From: Hani Benhabiles [mailto:kroosec () gmail com]
Sent: Friday, May 06, 2011 9:18 AM
To: Siegle, Christopher J.
Cc: Michael Pattrick; nmap-dev () insecure org
Subject: Re: NMAP brings down Exchange Cluster?

It would also be interesting if you could provide a packet capture, or check it yourself and tell us more about which 
parts of the scan the problems occur in.

--Hani

On Fri, May 6, 2011 at 2:10 PM, Siegle, Christopher J. <Christopher.Siegle () klgates com> wrote:
I asked if we could test this against our secondary data center.  I'll share results if the test actually occurs.  Have 
you seen this happen before?  What did nmap do to create such a problem?

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Michael Pattrick
Sent: Friday, May 06, 2011 8:58 AM
To: Siegle, Christopher J.
Cc: nmap-dev () insecure org
Subject: Re: NMAP brings down Exchange Cluster?

Both an interesting and testable assertion! Do these crashes occur mid scan? If so, you could be partially to 
blame (along with whoever configured such a delicate Exchange installation). If not, try to give up scanning for a few 
weeks; Nmap is off the hook if more infrastructure problems occur.

The command line parameters you gave are quite benign, and shouldn't be capable of taking down any server. So I doubt 
Nmap is to blame.

-M

On 2011-05-05, at 9:18 AM, "Siegle, Christopher J." <Christopher.Siegle () klgates com> wrote:

Hi nmappers.

Recently, my infrastructure peers have asserted that my use of nmap to scan our data center has caused various 
problems including bringing down FOLB clusters (Exchange servers).  Although I think this is highly unlikely, I 
wanted to get some feedback on this issue.

I am using the following command line switches:

-T3
-sS
-F
-O
-oX

sometimes d4

I appreciate your time.

==================================
Christopher J. Siegle "Chris"
Software Architect
K&L Gates, LLP
K&L Gates Center
210 Sixth Avenue
Pittsburgh, PA 15222-2613 (412) 355-8659
mailto:christopher.siegle () klgates com



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

