Penetration Testing mailing list archives

RE: Nmap issues...? or router?

From: Ben Tetu-Pappas <bpappas () totality com>
Date: Tue, 9 Oct 2001 14:20:24 -0700

This is a known cisco bug. Their documentation on the bug says something
like 'port scanning tools can create a situation where the router CPU
utilization goes to 100%'. I don't recall if there is an IOS upgrade to fix
this, so call Cisco and ask or go look through their online documentation to
see if you IOS is possibly affected.

ben tetu-pappas 

-----Original Message-----
From: Josha Bronson
To: bluefur0r bluefur0r
Cc: pen-test () securityfocus com
Sent: 10/7/2001 8:48 PM
Subject: Re: Nmap issues...? or router?

On Sun, Oct 07, 2001 at 02:39:31AM -0000, bluefur0r bluefur0r said:

After just completeing an audit for a company that has a DS-3
connection (shared) and a cisco router (2015), One of the first issues
that was found was this: When nmaping using -sS and all ports, 1 nmap
scan nmaping 1 host at a time appeared to completely destroy their
bandwidth... Has anyone heard of this? Could this be a Router or ISP
problem??? It took very long to complete because i needed to use the
-T Polite option. I'm just curious if anyone else has ever encountered
nmap using up all network resources for such a high volume connection.
Any help would be appreciated so this never happens again. *Luckily I
started after hours*
blue


Yes, I've seen this before. During and internal audit, one laptop
scaning with nmap brought a LAN router to 100% CPU utilization. I think
that the router had to be rebooted, but I can't remember. The router was
a Cisco, of the 7000 series I believe.

Sorry for the lack of facts, it was a while ago...

I've meant to look into it again and try to pin down exactly what is
going on here, but there never really seems to be a good time to nail a
router that is in use, according to management.

I've also spoken about this with a few other folks who have seen the
same thing.

Anyway, someone with spare time and a test network with a Cisco router
should probably try and figure out what causes this. :)

-- 
josha.bronson(aka->dmuz) >> dmuz () angrypacket com
networks/systems/security && CCNA, RHCE 
josha.net || dmuz.angrypacket.com


------------------------------------------------------------------------
----
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Nmap issues...? or router? bluefur0r bluefur0r (Oct 07)
- Re: Nmap issues...? or router? Stephen Perciballi (Oct 09)
- Re: Nmap issues...? or router? Blake Frantz (Oct 09)
- Re: Nmap issues...? or router? Ilici Ramirez (Oct 09)
- Re: Nmap issues...? or router? Alex Butcher (Oct 09)
- Re: Nmap issues...? or router? Josha Bronson (Oct 09)
- <Possible follow-ups>
- RE: Nmap issues...? or router? Ben Tetu-Pappas (Oct 09)
  - Re: Nmap issues...? or router? William McVey (Oct 12)
- RE: Nmap issues...? or router? Joe Dauncey (Oct 10)