lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1309640548.20100702125913@Zoller.lu>
Date: Fri, 2 Jul 2010 12:59:13 +0200
From: Thierry Zoller <Thierry@...ler.lu>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Should nmap cause a DoS on cisco routers?



Slippery Slopes everywhere :

DR> Again, causing the RP CPU to go to 100% due to punted
DR> management-plane traffic isn't a new phenomenon
1. Nobody claimed it to be a new phenomenon
2. He is not saturating anything.

DR> Of course PSIRT will ask for details, as they should; my point is
DR> that there's likely nothing new to see here,
Oh that's the point now? I thought your point was that it is not a security "bug".
I agree on the "nothing new"  here,  "new" however  is  not a relevant attribute to
decide on whether it is a vulnerability or not.

DR> Even if there is something new, here - which I doubt - it's
DR> important that folks understand that there are BCPs they can
We   heard   your  BCPs  and  XZY  clearly,  doesn't make it less of a
vulnerability.

DR> The original poster asked if this were a configuration issue -
DR> and the answer is, yes
Interesting, how do you know ?
1. you do not know what caused the problem
2. you do obviously do not know what packets caused the problems

If   it   is   a  default  configuration  and you can remotely cause a
denial of service condition  :  it  is a vulnerability.

If   it   is   a non standard configuration  and you can remotely cause a
denial of service condition  :  it  is a vulnerability.

DR> vulnerabilities - as opposed to merely saturating the RP of a
DR> given network device with management-plane traffic.  Some of them
Last  time  :  He appears to not be saturating anything. nmap -sV does
surely not create saturisation...

DR> And many of them could be mitigated via BCPs until such time as
DR> fixed code could be deployed, as well.
There it is again, BCP. Is this the new "IDS" ?



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ