Bugtraq mailing list archives
Re[2]: Technical Observations on SATAN: Issue: VMS and TCP/I
From: rnayfield () mail iconnet com (Nayfield, Rod)
Date: Fri, 07 Apr 95 12:47:04 EST
When using the "heavy" scanning mode on a network protected by Checkpoint's (or sunsoft's OEM of it) FireWall-1 on a low-end system (IPX w/32mb ram) the FW runs out of memory. This does not yield any security problems, however logging may stop/miss a few. Then the log should be cleared to reduce the memory used by the fw process. This is not a security problem, just a measure of the incredible force SATAN uses when on 'heavy' mode. Rod ______________________________ Reply Separator _________________________________ Subject: Re: Technical Observations on SATAN: Issue: VMS and TCP/IP Author: tfs () vampire science gmu edu at Internet Date: 4/7/95 3:07 AM Erik Lindquist wrote: |For some reason when I test SATAN against VMS systems running either UCX or |Wollongong TCP/IP stacks the systems crash. |This seems to be true for the heavy test only. Other potentially |coincidental events include: | 1. First test on a given node; when system reboots and a test | is again performed a successful test seems to be made. | 2. The first test uses the FQDN and the second test uses the | IP address. |I have no idea where to look? The crash logs do not reveal anything helpful. |A message coming from SATAN says: | bin/udp_scan: are we talking to a dead host or network? I do some admin stuff at GMU, and while one of the other admin's here was running it against our subnet we encountered a crash. We've got a Paragon, and on the heavy scan it crashed during the test. We havn't isolated why yet, but suspect that it was becasue it was being hammered quite fast. This was after the "light & med" tests hasd passed. That machine is fairly tight, so it wasn't a matter of there being alot of ports open or anything... Anyway it didn't happen again, and we really ~obviously~ arn't looking to replicate it, particlularly on this machine, but I'd be interested to hear of any similar stuff from other folks. -tfs
Current thread:
- Linux/SATAN Adam Machanic (Oct 21)
- Re: Linux/SATAN Michael Galante (Apr 06)
- Re: Linux/SATAN Josh Wilmes (Oct 30)
- SATAN ATTACKS EVERYWHERE Christopher Klaus (Jul 23)
- Re: SATAN ATTACKS EVERYWHERE Leo Bicknell (Apr 07)
- Problem with SATAN/VMS David R. Sears (Apr 07)
- Re: Problem with SATAN/VMS Andreas Siegert (Apr 07)
- Re: Problem with SATAN/VMS Timothy Newsham (Apr 08)
- All.Net's security testing service Baltzer, Craig (Apr 07)
- Re[2]: Technical Observations on SATAN: Issue: VMS and TCP/I Nayfield, Rod (Apr 07)
- Re: SATAN ATTACKS EVERYWHERE Wolfgang Ley (Apr 09)
- Re: SATAN ATTACKS EVERYWHERE Christopher Klaus (Jul 25)
- Re: Linux/SATAN Michael Galante (Apr 06)
- Re: Shadowed PW file under Linux Cenon B.C. Marana Jr. (Apr 07)
- Re: Shadowed PW file under Linux John F. Haugh II (Apr 09)
- Re: Shadowed PW file under OSF/1 Cenon B.C. Marana Jr. (Apr 09)
- Re: Shadowed PW file under OSF/1 Software Test Account (Apr 11)
- Sys V. shedges () cactus netinterior com (Apr 11)
- ANOTHER hole in NCSA httpd1.3R Paul Phillips (Apr 11)
- UUCP/sendmail configs.. Cenon B.C. Marana Jr. (Apr 09)