lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <VIESHSMTP02NwWDCrEA00082cb6@smtp02.vie.hosting.nokia.com>
Date: Thu, 01 Jul 2010 05:41:02 +0000
From: "cor@...post24.com" <cor@...post24.com>
To: "Shang Tsung" <stsung@...l.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Should nmap cause a DoS on cisco routers?

During my training classes I always tell the -sV switch is dangerous and known to (sometimes) crash the target.  

Usually a better tool to test open udp ports is unicornscan, but that doesn't have a switch like -iL. Since you are testing your own devices and you know the community string, you could insider to loop through the list of IP's and snmpget a value from the MIB. 

Cor

sent from a mobile device 


----Origineel bericht----
Van: Shang Tsung
Verzonden:  30-06-2010 13:03:32
Onderw.:  Should nmap cause a DoS on cisco routers?

Hello,

Some days ago, I had the task to discover the SNMP version that our 
servers and networking devices use. So I run nmap using the following 
command:

nmap -sU -sV -p 161-162 -iL target_file.txt

This command was supposed to use UDP to probe ports 161 and 162, which 
are used for SNMP and SNMP Trap respectively, and return the SNMP 
version.

This "innocent" command caused most networking devices to crash and 
reboot, causing a Denial of Service attack and bringing down the 
network.

Now my question is.. Should this had happened? Can nmap bring the whole 
network down from one single machine?

Is this a configuration error of the networking devices?

This is scary...

Shang Tsung






  

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ