Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Retina scans caused broadcast storms

From: "William Allsopp" <William_Allsopp () eur 3com com>
Date: Thu, 25 Nov 2004 15:38:06 +0000



Has anyone ever caused a full blown broadcast storm by using the Retina
Security Scanner.



Its looks as if I may caused a severe slow down on a network recently and think
the scanner may have caused it. What I am trying to determine is whether
existing problems in the switching enviroment may have been exaserbated by the
use of the scanner.



Anybody else ever experience these sorts of issues with Retina?



dale


First of all, your lan can take a performance hit from a scanner without it
neccesarily being the result of a broadcast storm. However, if this is what is
occuring, it is a problem most likely caused by existing configuration issues.
Without knowing more about the setup of your network it would be difficult to
comment further, except to say that it may be that one or more of your switches
is receiving a response from the machine you are scanning from several different
links causing confusion as to which link to use.

In other words, Retina will not cause a broadcast storm in and of itself but the
traffic it generates may highlight issues that might not be otherwise apparent.

W.
Previous By Date Next
Previous By Thread Next

Current thread: