Bugtraq mailing list archives

Re[2]: Technical Observations on SATAN: Issue: VMS and TCP/I

From: rnayfield () mail iconnet com (Nayfield, Rod)
Date: Fri, 07 Apr 95 12:47:04 EST


     When using the "heavy" scanning mode on a network protected by 
     Checkpoint's (or sunsoft's OEM of it) FireWall-1 on a low-end system 
     (IPX w/32mb ram) the FW runs out of memory.  This does not yield any 
     security problems, however logging may stop/miss a few.  Then the log 
     should be cleared to reduce the memory used by the fw process.
     
     This is not a security problem, just a measure of the incredible force 
     SATAN uses when on 'heavy' mode.  
     
     Rod
     


______________________________ Reply Separator _________________________________
Subject: Re: Technical Observations on SATAN: Issue: VMS and TCP/IP
Author:  tfs () vampire science gmu edu at Internet
Date:    4/7/95 3:07 AM


Erik Lindquist wrote:
|For some reason when I test SATAN against VMS systems running either UCX or 
|Wollongong TCP/IP stacks the systems crash.
     
|This seems to be true for the heavy test only.  Other potentially 
|coincidental events include:
| 1.  First test on a given node; when system reboots and a test 
|     is again performed a successful test seems to be made.
| 2.  The first test uses the FQDN and the second test uses the 
|     IP address.
     
|I have no idea where to look? The crash logs do not reveal anything helpful. 
|A message coming from SATAN says:
| bin/udp_scan: are we talking to a dead host or network?
     
I do some admin stuff at GMU, and while one of the other admin's here 
was running it against our subnet we encountered a crash. We've got
a Paragon, and on the heavy scan it crashed during the test. We havn't 
isolated why yet, but suspect that it was becasue it was being hammered 
quite fast. This was after the "light & med" tests hasd passed. That 
machine is fairly tight, so it wasn't a matter of there being alot
of ports open or anything... Anyway it didn't happen again, and we 
really ~obviously~ arn't looking to replicate it, particlularly on 
this machine, but I'd be interested to hear of any similar stuff 
from other folks.
     
-tfs

Current thread:

Linux/SATAN Adam Machanic (Oct 21)
- Re: Linux/SATAN Michael Galante (Apr 06)
  - Re: Linux/SATAN Josh Wilmes (Oct 30)
  - SATAN ATTACKS EVERYWHERE Christopher Klaus (Jul 23)
    - Re: SATAN ATTACKS EVERYWHERE Leo Bicknell (Apr 07)
    - Problem with SATAN/VMS David R. Sears (Apr 07)
    - Re: Problem with SATAN/VMS Andreas Siegert (Apr 07)
    - Re: Problem with SATAN/VMS Timothy Newsham (Apr 08)
    - All.Net's security testing service Baltzer, Craig (Apr 07)
    - Re[2]: Technical Observations on SATAN: Issue: VMS and TCP/I Nayfield, Rod (Apr 07)
    - Re: SATAN ATTACKS EVERYWHERE Wolfgang Ley (Apr 09)
    - Re: SATAN ATTACKS EVERYWHERE Christopher Klaus (Jul 25)
- Shadowed PW file under Linux lenex (Apr 06)
  - Re: Shadowed PW file under Linux Cenon B.C. Marana Jr. (Apr 07)
    - Re: Shadowed PW file under Linux John F. Haugh II (Apr 09)
    - Re: Shadowed PW file under OSF/1 Cenon B.C. Marana Jr. (Apr 09)
    - Re: Shadowed PW file under OSF/1 Software Test Account (Apr 11)
    - Sys V. shedges () cactus netinterior com (Apr 11)
    - ANOTHER hole in NCSA httpd1.3R Paul Phillips (Apr 11)
    - UUCP/sendmail configs.. Cenon B.C. Marana Jr. (Apr 09)

(Thread continues...)