Full Disclosure mailing list archives
Re: Should nmap cause a DoS on cisco routers?
From: Florian Weimer <fweimer () bfk de>
Date: Fri, 02 Jul 2010 09:45:20 +0000
* Roland Dobbins:
> On Jul 1, 2010, at 11:12 PM, Florian Weimer wrote:
>
> > And it's certainly a bug worth fixing.
>
> I doubt it's a 'bug' which can be 'fixed', just the same as sending enough legitimate HTTP requests to a Web server to bring it to its knees isn't a 'bug' which can be 'fixed', but rather a DoS which must be mitigated via a variety of mechanisms.

I was referring to single-packet (or single-request) crashers. Reputable vendors still ship devices that have those bugs in 2010. Chances are that Shang Tsung's nmap run triggered one of those. As I wrote, it happened before.

The nmap command line posted further upthread does not actually cause a high pps flood. Such level of SNMP scanning is quite common in enterprise networks because some printer drivers use it to locate printers, so your network devices are better prepared to handle that.

And even if you applied control plane protection, you still need to monitor those devices from your management network. The brittleness described in this thread makes this an extremely risky endeavor: one typo in your Perl script, and your network is gone, even if the monitoring station never had the credentials for enable access.

Those bugs might not be security-relevant, but they can be very annoying nevertheless.

--
Florian Weimer <fweimer () bfk de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99