Open Source and information security mailing list archives
 
Message-ID: <82mxuap68f.fsf@mid.bfk.de>
Date: Fri, 02 Jul 2010 09:45:20 +0000
From: Florian Weimer <fweimer@....de>
To: "Dobbins\, Roland" <rdobbins@...or.net>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Should nmap cause a DoS on cisco routers?

* Roland Dobbins:

> On Jul 1, 2010, at 11:12 PM, Florian Weimer wrote:
>
>> And it's certainly a bug worth fixing. 
>
> I doubt it's a 'bug' which can be 'fixed', just the same as sending
> enough legitimate HTTP requests to a Web server to bring it to its
> knees isn't a 'bug' which can be 'fixed', but rather a DoS which
> must be mitigated via a variety of mechanisms.

I was referring to single-packet (or single-request) crashers.
Reputable vendors still ship devices that have those bugs in 2010.

Chances are that Shang Tsung's nmap run triggered one of those.  As I
wrote, it happened before.  The nmap command line posted further
upthread does not actually cause a high pps flood.  Such a level of SNMP
scanning is quite common in enterprise networks because some printer
drivers use it to locate printers, so your network devices are better
prepared to handle that.

And even if you applied control plane protection, you still need to
monitor those devices from your management network.  The brittleness
described in this thread makes this an extremely risky endeavor: one
typo in your Perl script, and your network is gone, even if the
monitoring station never had the credentials for enable access.
Those bugs might not be security-relevant, but they can be very
annoying nevertheless.

-- 
Florian Weimer                <fweimer@....de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
