Date: Tue, 6 Jul 2010 23:15:52 -0700
From: Fyodor <fyodor@...ecure.org>
To: Dan Kaminsky <dan@...para.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Should nmap cause a DoS on cisco routers?

On Thu, Jul 01, 2010 at 08:01:26PM -0400, Dan Kaminsky wrote:
> Permanent DoS's are unacceptable even from intentionally malicious  
> traffic, let alone a few nmap flags.

Hi Dan.  I agree, and this wasn't even a very intense Nmap scan (see
Brandon Enright's summary at
http://seclists.org/pen-test/2010/Jun/68).

> I will grant you that network  
> isolation is indeed best practice, but broken code is not something to  
> apologize for or mitigate against.  It's something to apply real  
> pressure against.  If we can't get pissed, how is that QA guy supposed  
> to block shipment?

Absolutely!  And while people are in a mood to pressure vendors of
crappy networking devices, please talk to Hewlett-Packard!  Out of all
the devices, operating systems, ports, and protocols out there, only
one is so fragile and insecure that we had to exclude it from Nmap
version detection by default.  That is HP JetDirect (TCP ports
9100-9107).  No matter what random crap you spew at the port, it will
generally either crash the machine or start spewing out paper.  When
Nmap version detection was first released 7 years ago, we had so much
immediate feedback about HP printer problems that we "temporarily"
blocked those ports by default to give HP a chance to fix the
problems.  We're still waiting for that to happen!  The HP printer I
bought this year still goes haywire and starts beeping and spewing
paper if I enable the HP JD ports by scanning it with 
"nmap -A --allports hostname".

We even tried to understand the protocol and wrote a cute little Nmap
NSE script to set an HP printer's status message (to things like
"insert 25 cents", heh).  Even that simple program, which didn't
require any authentication, crashed HP printers so often that we
abandoned development.

Pardon my mini-rant, but I agree completely that network device makers
such as HP need to start showing some resiliency.  If Nmap can crash
them by accident, how can they be expected to hold up to real attacks?

Cheers,
Fyodor
