RE: Port scan causing system crashes

["Steve Goldsby (ICS)" <sgoldsby () networkarmor com>]

DGUX 2.x and below definitely die upon port scan, just like old versions
of solaris (syn flood vulnerability).


-----Original Message-----
From: Helmut Springer [mailto:delta () lug-s org] 
Sent: Thursday, June 12, 2003 11:31 AM
To: pen-test () securityfocus com
Cc: steve.x.jones () royalmail com
Subject: Re: Port scan causing system crashes

Hi,


On 12 Jun 2003 at 13:23 +0200, steve.x.jones () royalmail com wrote:
> Please can you help?  Has any-one else out there had issues with
> NMAP port scans (or any other port scanner) causing systems to
> crash?

Yes.


> I've done a quick Google search and found confirmation for one of
> the systems - BUGTRAQ Vulnerability 3358, "IBM HACMP Port Scan
> Denial of Service Vulnerability", the other was a bespoke app
> running on some HP UX boxes.

  Document ID:  HPSBUX0306-264
  Date Loaded:  20030604
        Title:  SSRT3460 Network traffic can cause programs to fail
  [...]
   A. Background
      Certain network traffic can cause programs to fail.  An
      example of potentially vulnerable program is diagmond.
  [...]


> Up til now I've been running port scans happily across our subnets
> to look for rogue FTP, SMTP, HTTP etc, obviously I'll have to take
> more care now...

One might say that you just find systems vulnerable to DoS attacks
this way, but in general scanning a pruduction environment always
carries a risk...


-- 
MfG/Best Regards,                  "If we keep our pride...
helmut springer                     Though paradise is lost
                                    We will pay the price,
                                    But we will not count the cost."

------------------------------------------------------------------------
---
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
----------------------------------------------------------------------------