Full Disclosure mailing list archives
Re: Should nmap cause a DoS on cisco routers?
From: "Dario Ciccarone (dciccaro)" <dciccaro () cisco com>
Date: Thu, 1 Jul 2010 13:28:49 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Shang: (x-posting to full-disclosure as it looks like those guys over there are having a bit of a philosophical discussion over this ;)) Hi there. My name is Dario Ciccarone and I work as an Incident Manager on the Cisco PSIRT - Product Security Incident Response Team. Your post has certainly caught our attention - indeed, if running an nmap scan (no matter which specific command-line options were in use) against a Cisco device makes it crash, we're certainly interested in knowing more. In order to follow-up on this, we would greatly appreciate if you could send us: * a "show tech" from one or more of the affected devices - specially if those are different kind of devices (switches, routers, firewalls, etc) * if you've been able to collect any crashinfo files - those would also come handy * if you have any console output/syslog messages/traceback information coming from any of the affected devices * the specific nmap version you're using If you could send all of that to psirt () cisco com (if possible, encrypted with the PSIRT GPG public key - http://www.cisco.com/en/US/products/products_security_vulnerability_po licy.html#roosfassv) we would look right into it. Much appreciated, Dario Dario Ciccarone <dciccaro () cisco com> Incident Manager - CCIE #10395 Product Security Incident Response Team (PSIRT) Cisco Systems, Inc. PGP Key ID: 0xBA1AE0F0 http://www.cisco.com/go/psirt This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Shang Tsung Sent: Wednesday, June 30, 2010 7:04 AM To: pen-test () securityfocus com Subject: Should nmap cause a DoS on cisco routers? Hello, Some days ago, I had the task to discover the SNMP version that our servers and networking devices use. So I run nmap using the following command: nmap -sU -sV -p 161-162 -iL target_file.txt This command was supposed to use UDP to probe ports 161 and 162, which are used for SNMP and SNMP Trap respectively, and return the SNMP version. This "innocent" command caused most networking devices to crash and reboot, causing a Denial of Service attack and bringing down the network. Now my question is.. Should this had happened? Can nmap bring the whole network down from one single machine? Is this a configuration error of the networking devices? This is scary... Shang Tsung -------------------------------------------------------------- ---------- This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org -------------------------------------------------------------- ----------
-----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBTCzeYYyVGB+6GuDwEQJDLwCfZnGVaFoSfPFaWDm7D3m8PQsmXxQAnjNO Te6wTi7vHSzhsLMQLSq0uwql =V0CQ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Should nmap cause a DoS on cisco routers?, (continued)
- Re: Should nmap cause a DoS on cisco routers? Champ Clark III [Softwink] (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Christian Sciberras (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Champ Clark III [Softwink] (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Michal (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? coderman (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Dan Kaminsky (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Dan Kaminsky (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Benji (Jul 01)
- WiFi sniffing need to be connected? Vinicius Menezes (Jul 02)
- Re: WiFi sniffing need to be connected? Tyler Borland (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? bk (Jul 09)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 10)
- Re: Should nmap cause a DoS on cisco routers? Curt Purdy (Jul 16)