lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <AANLkTimoxGTOFX4RtmZSV10vk8enlqXH7Kvjz0gNeh-D@mail.gmail.com>
Date: Thu, 1 Jul 2010 18:38:55 +0200
From: Dan Kaminsky <dan@...para.com>
To: "Dobbins, Roland" <rdobbins@...or.net>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Should nmap cause a DoS on cisco routers?

And this is why BreakingPoint matters:  Because, oh man, network people let
manufacturers get away with shipping some really fragile code.

If a Windows desktop fell over because you looked at it funny -- and lets be
honest, nmap -sV is quite literally, looking at something funny -- it'd be
an unambiguous remote DoS and we'd laugh at Microsoft if they said we should
deploy best practices to deal with it.  Now, if the networking equipment in
question was a $75 Linksys router, sure.  There's a million ways to knock
those things over, and you get what you pay for.

But genuinely expensive gear?  Some of that budget needs to start going into
resiliency.

On Thu, Jul 1, 2010 at 1:07 PM, Dobbins, Roland <rdobbins@...or.net> wrote:

>
> On Jul 1, 2010, at 5:23 PM, Thierry Zoller wrote:
>
> > If a device crashes when being scanned - it's a vulnerability.
>
> It sounds to me as if what happened was that he ended up driving the CPUs
> of the devices in question to 100%, and they stopped handling control-plane
> traffic and fell over.  There are infrastructure self-protection best
> current practices (BCPs) which can be deployed to defend against
> infrastructure-targeted DoS.
>
> I've only seen this happen a few hundred times or so, so I could be wrong,
> of course.
>
> ;>
>
> As the original poster posited:
>
> > Is this a configuration error of the networking devices?
>
> The answer is, almost assuredly, "Yes."
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins@...or.net> // <http://www.arbornetworks.com>
>
>    Injustice is relatively easy to bear; what stings is justice.
>
>                        -- H.L. Mencken
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ