Another nmap-induced denial-of-service is against many machines' inetds when doing a TCP connect() scan (-sT), with the result of killing the inetd process. I've found that Digital Unix and Irix have been vulnerable to this. I cannot reliably reproduce the problem[*] and have not tested it against xinetd.

The work-around for the nmap user is to never use connect() scans, and to explicitly use -sS (or one of the other stealth scans) in conjunction with -O. There is no workaround for the system admin of the scanned system that I know of, other than automated monitoring for crashed inetds (I'd probably use netcat connecting to an inetd service like TCP daytime in a loop with appropriate logic and an appropriate response action...).

[*] I have confirmed that it happens in response to a connect() scan and not any other TCP scan type, and that it sometimes occurs immediately following a connect() scan when the inetd had been verified immediately previously to be running fine.

On Tue, 22 Dec 1998, Olaf Selke wrote:

> According to Sherwood Botsford:
> >
> > On Tue, 15 Dec 1998, Fyodor wrote:
> >
> > = I have just released version 2.00 of nmap, a program for network
> > = security auditing and general Internet exploration. Almost all of the
> > = core code has been rewritten for better performance and accuracy, and
> > = many new features have been added. Here are some of its current
> > = capabilities:
> >
> > Hi. Any idea why most of my hosts running HPUX 10.10 crashed
> > during a local network scan with
> > nmap -O
>
> I reproducibly crashed Cisco routers running IOS version 12.0(1)
> with nmap -sU.
>
> Olaf
> --
> Olaf Selke, olaf.selkeat_private, voice +49 5241 80-7069

--
Lamont Granquist                                  lamontgat_private
Dept. of Molecular Biotechnology                  (206)616-5735
fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey:  finger lamontgat_private | pgp -fka
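The monitoring workaround sketched in the message above (connect to an inetd service such as TCP daytime in a loop and react when it stops answering), written out as an added example. This is not code from the original post or from the nmap project: a Python socket stands in for netcat, the consecutive-failure threshold and the `on_down` response hook are assumptions (the post leaves the response action to the operator), and `start_fake_daytime()` is a constructed stand-in for a live inetd so the block runs offline. The one design point worth noting is the distinction between a refused connection and a timeout: inetd itself holds the listening sockets for the services it manages, so a port that suddenly starts refusing is the crashed-inetd signature, whereas a timeout points at the host or network rather than at inetd.

```python
"""Poll a TCP service managed by inetd and alarm when it stops listening.

Added illustration of the workaround described in the post; Python sockets
replace netcat. Assumptions: a 3-probe threshold and an on_down hook.
"""
import socket
import sys
import threading
import time
from typing import Callable

DAYTIME_PORT = 13  # TCP daytime, one of inetd's built-in services


def probe_tcp(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect once and classify the outcome.

    "up"      connect succeeded; daytime answers with a line and closes, and
              we only care that something accepted the connection.
    "refused" RST on connect: nothing is listening. On an inetd-managed port
              this is the crashed-inetd signature, because inetd (not a
              spawned child) owns the listening socket.
    "timeout" no answer at all: host down or filtered, not an inetd crash.
    "error"   any other socket error (unreachable network, name lookup...).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                s.recv(128)  # daytime banner; contents are irrelevant here
            except OSError:
                pass
        return "up"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"


class InetdWatch:
    """Require several consecutive refusals before acting, so a single lost
    probe or a momentary accept() backlog does not trigger the response."""

    def __init__(self, threshold: int = 3,
                 on_down: Callable[[str], None] = print) -> None:
        self.threshold = threshold
        self.on_down = on_down
        self.consecutive_refused = 0
        self.alarmed = False

    def observe(self, status: str) -> bool:
        """Feed one probe result; return True only on the sample that fires."""
        if status == "refused":
            self.consecutive_refused += 1
        else:
            self.consecutive_refused = 0
            self.alarmed = False
        if self.consecutive_refused >= self.threshold and not self.alarmed:
            self.alarmed = True
            self.on_down(f"inetd service refused {self.threshold} probes in a row")
            return True
        return False


def monitor(host: str, port: int = DAYTIME_PORT, interval: float = 30.0,
            threshold: int = 3, on_down: Callable[[str], None] = print) -> None:
    """Poll forever. on_down is the (hypothetical) response action hook,
    e.g. something that restarts inetd on the scanned box."""
    watch = InetdWatch(threshold, on_down)
    while True:
        watch.observe(probe_tcp(host, port))
        time.sleep(interval)


def start_fake_daytime() -> int:
    """Constructed stand-in for inetd's daytime: accept one connection on an
    ephemeral loopback port, send a daytime-style line, close, and return
    the port number so the caller can probe it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once() -> None:
        conn, _ = srv.accept()
        conn.sendall(b"Tue Dec 22 12:00:00 1998\r\n")  # constructed banner
        conn.close()
        srv.close()  # after this the port refuses, like a dead inetd

    threading.Thread(target=serve_once, daemon=True).start()
    return port


if __name__ == "__main__":
    monitor(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
```

Run it as `python inetd_watch.py <host>` against a box whose inetd serves daytime; in production the `on_down` hook would be the operator's response action (page, restart inetd), and a "timeout" result should be routed to host-reachability alerting rather than counted as an inetd crash.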
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:43 PDT