[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <82pqz7tc3v.fsf@mid.bfk.de>
Date: Thu, 01 Jul 2010 16:12:36 +0000
From: Florian Weimer <fweimer@....de>
To: "Dobbins\, Roland" <rdobbins@...or.net>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Should nmap cause a DoS on cisco routers?
* Roland Dobbins:
> On Jul 1, 2010, at 5:23 PM, Thierry Zoller wrote:
>
>> If a device crashes when being scanned - it's a vulnerability.
>
> It sounds to me as if what happened was that he ended up driving the
> CPUs of the devices in question to 100%, and they stopped handling
> control-plane traffic and fell over. There are infrastructure
> self-protection best current practices (BCPs) which can be deployed
> to defend against infrastructure-targeted DoS.
Not necessarily. Fingerprinting is known to crash tons of devices.
And it's certainly a bug worth fixing. Many shops write their own
scripts to gather statistics from networking devices, and it's really
annoying when those scripts bring down devices (be it due to brittle
protocol parsers, or memory leaks in the server code).
--
Florian Weimer <fweimer@....de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists