Re: HACMP and port scans

From: Alex Polli (apolliat_private)
Date: Tue Sep 25 2001 - 04:36:12 PDT

Next message: Ali, Farrad: "RE: HACMP and port scans"

Previous message: Raistlin: "Re: Regarding: 3Com OfficeConnect 812/840 Router DoS exploit code"
In reply to: Eoin D. Fleming: "HACMP and port scans"
Next in thread: Andreas Siegert: "Re: HACMP and port scans"
Next in thread: Ali, Farrad: "RE: HACMP and port scans"
Reply: Andreas Siegert: "Re: HACMP and port scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes, I've faced this. In fact, the tcp connect() function, when applied to
certain HACMP ports causes the system to shut down that node. However, if
you make a SYN scan it won't happen.

IBM has given us no workaround, so we deployed a firewall in front of the
cluster machine, dropping packets to the HACMP ports.

Another gift from IBM to you.


----- Original Message -----
From: "Eoin D. Fleming" <rtfmat_private>
To: <bugtraqat_private>
Sent: Monday, September 24, 2001 6:27 PM
Subject: HACMP and port scans


> It appears that IBM's HACMP 4.4 clustering software can be induced to fail
> simply by port scanning clustered machines, has anyone come accross this
> vulnerability and is there a workaround?
>
> Thanks,
> RT
>
>

Next message: Ali, Farrad: "RE: HACMP and port scans"
Previous message: Raistlin: "Re: Regarding: 3Com OfficeConnect 812/840 Router DoS exploit code"
In reply to: Eoin D. Fleming: "HACMP and port scans"
Next in thread: Andreas Siegert: "Re: HACMP and port scans"
Next in thread: Ali, Farrad: "RE: HACMP and port scans"
Reply: Andreas Siegert: "Re: HACMP and port scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 10:37:17 PDT