Re: Nmap issues...? or router?

[Josha Bronson <dmuz () slartibartfast angrypacket com>]

On Sun, Oct 07, 2001 at 02:39:31AM -0000, bluefur0r bluefur0r said:
> After just completeing an audit for a company that has a DS-3
> connection (shared) and a cisco router (2015), One of the first issues
> that was found was this: When nmaping using -sS and all ports, 1 nmap
> scan nmaping 1 host at a time appeared to completely destroy their
> bandwidth... Has anyone heard of this? Could this be a Router or ISP
> problem??? It took very long to complete because i needed to use the
> -T Polite option. I'm just curious if anyone else has ever encountered
> nmap using up all network resources for such a high volume connection.
> Any help would be appreciated so this never happens again. *Luckily I
> started after hours*
> blue

Yes, I've seen this before. During and internal audit, one laptop
scaning with nmap brought a LAN router to 100% CPU utilization. I think
that the router had to be rebooted, but I can't remember. The router was
a Cisco, of the 7000 series I believe.

Sorry for the lack of facts, it was a while ago...

I've meant to look into it again and try to pin down exactly what is
going on here, but there never really seems to be a good time to nail a
router that is in use, according to management.

I've also spoken about this with a few other folks who have seen the
same thing.

Anyway, someone with spare time and a test network with a Cisco router
should probably try and figure out what causes this. :)

-- 
josha.bronson(aka->dmuz) >> dmuz () angrypacket com
networks/systems/security && CCNA, RHCE 
josha.net || dmuz.angrypacket.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/