Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Nmap issues...? or router?

From: Joe Dauncey <toothbrushhead () yahoo com>
Date: Wed, 10 Oct 2001 16:28:49 +0100
I don't know if this is related? It causes a reload when scanned on certain ports and certain levels of IOS. 

http://www.cisco.com/warp/customer/707/ios-tcp-scanner-reload-pub.shtml


At 22:20 09/10/2001, Ben Tetu-Pappas wrote:

This is a known cisco bug. Their documentation on the bug says something
like 'port scanning tools can create a situation where the router CPU
utilization goes to 100%'. I don't recall if there is an IOS upgrade to fix
this, so call Cisco and ask or go look through their online documentation to
see if you IOS is possibly affected.

ben tetu-pappas

-----Original Message-----
From: Josha Bronson
To: bluefur0r bluefur0r
Cc: pen-test () securityfocus com
Sent: 10/7/2001 8:48 PM
Subject: Re: Nmap issues...? or router?

On Sun, Oct 07, 2001 at 02:39:31AM -0000, bluefur0r bluefur0r said:
> After just completeing an audit for a company that has a DS-3
> connection (shared) and a cisco router (2015), One of the first issues
> that was found was this: When nmaping using -sS and all ports, 1 nmap
> scan nmaping 1 host at a time appeared to completely destroy their
> bandwidth... Has anyone heard of this? Could this be a Router or ISP
> problem??? It took very long to complete because i needed to use the
> -T Polite option. I'm just curious if anyone else has ever encountered
> nmap using up all network resources for such a high volume connection.
> Any help would be appreciated so this never happens again. *Luckily I
> started after hours*
> blue

Yes, I've seen this before. During and internal audit, one laptop
scaning with nmap brought a LAN router to 100% CPU utilization. I think
that the router had to be rebooted, but I can't remember. The router was
a Cisco, of the 7000 series I believe.

Sorry for the lack of facts, it was a while ago...

I've meant to look into it again and try to pin down exactly what is
going on here, but there never really seems to be a good time to nail a
router that is in use, according to management.

I've also spoken about this with a few other folks who have seen the
same thing.

Anyway, someone with spare time and a test network with a Cisco router
should probably try and figure out what causes this. :)

--
josha.bronson(aka->dmuz) >> dmuz () angrypacket com
networks/systems/security && CCNA, RHCE
josha.net || dmuz.angrypacket.com


------------------------------------------------------------------------
----
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



Joe Dauncey
Email: toothbrushhead () yahoo com
PGP Key ID: 0xEAA034D4


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: