Bugtraq mailing list archives

Re: HACMP and port scans

From: Andrew Leonard <andy () geospiza com>
Date: Tue, 25 Sep 2001 11:08:23 -0700 (PDT)

Quoting "Eoin D. Fleming" <rtfm () eircom net>:

It appears that IBM's HACMP 4.4 clustering software can be induced to
fail simply by port scanning clustered machines, has anyone come accross
this vulnerability and is there a workaround?


I have not seen this particular vulnerability, having never used HACMP. 
However, I did see a very similar thing on Compaq's TruCluster product two jobs
ago: If port-scanned from a machine without a PTR record in DNS, the cluster
would develop split-brain syndrome.  At management's request, this was kept
quiet (as in, not posted here), and we worked with Compaq to develop a patch.

This was back in 1999, and applied to TruCluster 1.5 (I think...).  I never saw
an advisory about this from Compaq, so as far as I know this was quietly rolled
into TruCluster updates.

cheers:
andy
--
Andrew Leonard
Geospiza, Inc.
3939 Leary Way NW
Seattle, WA 98107
(206) 633-4403; (206) 633-4415 (fax)

Current thread:

HACMP and port scans Eoin D. Fleming (Sep 24)
- Re: HACMP and port scans Alex Polli (Sep 25)
  - Re: HACMP and port scans Andreas Siegert (Sep 26)
- Re: HACMP and port scans Andrew Leonard (Sep 25)
- Re: HACMP and port scans Jordan Klein (Sep 26)
- <Possible follow-ups>
- RE: HACMP and port scans Ali, Farrad (Sep 25)
  - RE: HACMP and port scans Steven Bishop (Sep 28)