Penetration Testing mailing list archives
RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs?
From: "Newton, Preston" <cpnewton () eprod com>
Date: Fri, 16 May 2008 07:39:21 -0500
Define problems. I once used nessus to do some auditing on one of my server networks. It caused one server app to crash due to the application expecting a specific communication string when a system connected to it. It could be that they are running a really poorly written app that expects specific connection strings and nmap sent something it did not like/expect. Can you query the admins and ask them if the problem seems like a system problem or an application problem. I have a feeling it's an application issue and not a system issue. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Brahnda A. Eleazar Sent: Thursday, May 15, 2008 9:46 PM To: pen-test () securityfocus com Subject: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Peace all, I am wondering whether this is related or not. I was in the middle of beginning a pentest activity for a network segment containing quite a number of AS400 (Production). I started with a simple nmap first to see what I am facing. My command was (IPs are masked) "nmap -sV -vv -p 8470-8476 -o firsttry_port.nmap xxx.xxx.xxx.0/24" This lasted for about 15 minutes. After about 2 hours later, 2 out of 50+ identifiable machines started having problems. They became very slow. Those two machines are using ASP (Auxiliary Storage Pools), 1 ASP on the 1st machine and 2 ASPs on the 2nd. I just want to get more information whether my nmap did anything "bad"? :) Thanks and Regards, =adley= ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- username and Password sent as clear text strings jfvanmeter (May 14)
- RE: username and Password sent as clear text strings Shenk, Jerry A (May 15)
- Re: username and Password sent as clear text strings Todd Haverkos (May 15)
- Collection of problems in production systems while pen-testing - "Butterfly effect" Adriano Leite (DHL CZ) (May 28)
- RE: username and Password sent as clear text strings Shenk, Jerry A (May 15)
- RE: username and Password sent as clear text strings Jones, David H (May 15)
- Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Brahnda A. Eleazar (May 15)
- Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Jon Kibler (May 16)
- RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Newton, Preston (May 16)
- Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? pand0ra (May 16)
- Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? pand0ra (May 16)
- Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Rick Zhong (May 17)
- RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Brahnda A. Eleazar (May 26)
- RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Adriano Leite (DHL CZ) (May 28)
- RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Brahnda A. Eleazar (May 28)
- Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? Brahnda A. Eleazar (May 15)
- Re: username and Password sent as clear text strings David Howe (May 21)
- Re: username and Password sent as clear text strings Matthew Zimmerman (May 22)