Penetration Testing mailing list archives
RE: Crashing services with NMAP and/or SuperScan ?
From: "Jerry Shenk" <jshenk () decommunications com>
Date: Wed, 24 Nov 2004 07:58:33 -0500
Keying on your last paragraph, I have run into this and did exactly that. I said something like, "We really need to track down exactly what broke, can we schedule a time for a repeat test." -----Original Message----- From: Petr.Kazil () eap nl [mailto:Petr.Kazil () eap nl] Sent: Tuesday, November 23, 2004 5:42 AM To: pen-test () securityfocus com Subject: Crashing services with NMAP and/or SuperScan ?
(Side question: Has anyone ever crashed a server when the dangerous
scans
are disabled?)
L.S. I'm doing a series of quickscans in divisions of a large organization. I intentionally don't go deep, I just scratch the surface. So we can find only bad security errors, nothing subtle. One step in the quickscan is a portscan of the internal network. I've tried both nmap and Superscan. This usually brings out a lot of unexpected mail services, ftp servers, low services, web management interfaces etc. With Superscan I seem to have blown out a switch. It went "red" on the HP Openview screen and didn't react to ping anymore. All the network traffic continued - fortunately :-) As of today the admins haven't been able to tell me what really happened. I haven't dared to try Superscan anymore - although I like it's output very much - especially it's checks for headers and anonymous FTP and SMTP. Yesterday I ran nmap -sS -sV -O ... There were no problems on Win2K and Unix machines, but on WinNT SP5 (!) machines I seem to have blown out : - one Oracle TNS Listener - however the admin said "everything continued to function" - 2 or 3 Storageworks EVA Secure Path services. Fortunately the admins were not upset. They looked through the services on the servers, looked which ones had gone "stopped" and set them back to "started". Question: Do you think that running nmap without the -sV -O options could avoid this and still give me enough information? These are always difficult situations - replications is not easy (I canot ask : "Can I run the scan again and see if the same thing hapens?"). I can't test all OS versions on my test network. I'm not even sure if I'm really to blame, it could even be coincidence ... Of course I asked (and re-asked) before my scan: What subnetwork can I scan and which IP's should I avoid? Answer: We don't expect any problems, just take our whole subnet. Your comments are very welcome. Greetings, Petr Kazil
Current thread:
- Crashing services with NMAP and/or SuperScan ? Petr . Kazil (Nov 23)
- Message not available
- Re: Crashing services with NMAP and/or SuperScan ? Peter Wood (Nov 24)
- Message not available
- RE: Crashing services with NMAP and/or SuperScan ? Jerry Shenk (Nov 24)
- Re: Crashing services with NMAP and/or SuperScan ? Dave McCormick (Nov 24)
- Re: Crashing services with NMAP and/or SuperScan ? Anders Thulin (Nov 25)
- <Possible follow-ups>
- Re: Crashing services with NMAP and/or SuperScan ? William Allsopp (Nov 24)
- Re: Crashing services with NMAP and/or SuperScan ? Jim Morgan (Nov 27)
- RE: Crashing services with NMAP and/or SuperScan ? Brewis, Mark (Nov 25)
- RE: Crashing services with NMAP and/or SuperScan ? Evans, Arian (Nov 27)
- Re: Crashing services with NMAP and/or SuperScan ? Donald Whitfield (Nov 27)
- Re: Crashing services with NMAP and/or SuperScan ? Donald Whitfield (Nov 27)
- Re: Crashing services with NMAP and/or SuperScan ? Donald Whitfield (Nov 27)
- RE: Crashing services with NMAP and/or SuperScan ? Evans, Arian (Nov 27)