Penetration Testing mailing list archives
Re: Crashing services with NMAP and/or SuperScan ?
From: Anders Thulin <Anders.Thulin () tietoenator com>
Date: Wed, 24 Nov 2004 08:46:05 +0100
Petr.Kazil () eap nl wrote:
Question: Do you think that running nmap without the -sV -O options could avoid this and still give me enough information?
Depends on what 'enough' is. It's usually best to save -sV or -O until you really need them, rather than apply them to everything that's there.

-sV (application fingerprinting) sends data to ports without any means of knowing that that service on that port is robust enough to withstand such probing. It's not quite the same as those robustness tests that essentially sent random data to various Unix utilities and watched them for signs of discomfort, but close. Send an SNMP request to any other UDP service -- can you say for certain that it will survive? It should ... but then this is the real world.

There's no knowing just how fragile a network or system is, unless you test. There are POP servers on VMS that won't take a reset TCP session for reason enough to close the session, but instead hang on until they're shot down, and until then load the system more than they should (not a good thing to have on a billing system). There is Win95-based electro-cardiogram reader controlling software that dies at the mere mention of a scan.

You have identified possible vulnerabilities with your scans, though perhaps not those you were looking for. An intruder on the network -- or indeed any random person with a port scanner -- would do the same damage under less controlled circumstances.

An interesting question remains: do those crashes indicate *serious* vulnerabilities? Buffer overflows? Could you inject hostile code, and take over the systems? Should these systems perhaps be protected more actively?

--
Anders Thulin anders.thulin () tietoenator com 040-661 50 63
TietoEnator Telecom & Media AB, Box 85, SE-201 20 Malmö
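The advice above (hold back -sV until it is needed) can be made mechanical. The following is an added example, not part of the original post: it reads the grepable output of a first pass run without -sV or -O and prints version-probe commands only for open TCP ports on hosts that are not on an exclusion list. The function name, file names and addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: stage 2 planner. Stage 1 is a plain scan saved in grepable
# form (nmap -oG pass1.gnmap <targets>), with no -sV and no -O.

# plan_version_probes GNMAP_FILE FRAGILE_FILE   (hypothetical helper)
# Prints one "nmap -sV" command per host, limited to the TCP ports stage 1
# found open, and skips every host listed in FRAGILE_FILE (one IP per line).
plan_version_probes() {
    awk -v fragile="$2" '
    BEGIN {
        # Load the exclusion list; blank lines and # comments are ignored.
        while ((getline line < fragile) > 0)
            if (line != "" && line !~ /^#/) skip[line] = 1
    }
    /^Host: / && /Ports: / {
        host = $2
        if (host in skip) next
        sub(/^.*Ports: /, "")      # keep only the port list ...
        sub(/\t.*$/, "")           # ... and drop trailing tab-separated fields
        n = split($0, entry, /, */)
        ports = ""
        for (i = 1; i <= n; i++) {
            split(entry[i], f, "/")   # port/state/protocol/...
            if (f[2] == "open" && f[3] == "tcp")
                ports = ports (ports == "" ? "" : ",") f[1]
        }
        if (ports != "") print "nmap -sV -p " ports " " host
    }' "$1"
}

# Constructed sample data (documentation addresses), not real scan output.
demo_dir=$(mktemp -d)
printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 110/open/tcp//pop3///, 161/closed/udp//snmp///\tIgnored State: closed (997)\n' > "$demo_dir/pass1.gnmap"
printf 'Host: 192.0.2.20 ()\tPorts: 80/open/tcp//http///\n' >> "$demo_dir/pass1.gnmap"
printf '# hosts the owner says must not be probed\n192.0.2.20\n' > "$demo_dir/fragile.txt"

# Prints: nmap -sV -p 22,110 192.0.2.10
plan_version_probes "$demo_dir/pass1.gnmap" "$demo_dir/fragile.txt"
```

The script only prints the plan; reviewing the printed commands with the system owners before running any of them keeps the fragile hosts out of scope.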