Re: HACMP and port scans

From: Jordan Klein (haploat_private)
Date: Wed Sep 26 2001 - 09:31:28 PDT

Next message: Cisco Systems Product Security Incident Response Team: "Cisco Security Advisory: Cisco Secure PIX Firewall SMTP Filtering Vulnerability"

Previous message: Alex S. Harasic: "3Com® HomeConnect® Cable Modem Denial of Service"
In reply to: Eoin D. Fleming: "HACMP and port scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 24 Sep 2001, Eoin D. Fleming wrote:

> It appears that IBM's HACMP 4.4 clustering software can be induced to fail
> simply by port scanning clustered machines, has anyone come accross this
> vulnerability and is there a workaround?
>
> Thanks,
> RT
>

Yes, when I worked at IBM, we found this same problem.  We had internal
security groups periodically port scanning our servers and they caused our
HACMP cluster servers to crash, as a result.

I don't remember all the details, as I didn't personally work with HACMP.
However, a good friend did and told me all about it.  I believe IBM has
some patches that can fix this problem.

I think it's somehow simulating a failover signal, but not correctly, so
causing a kernel panic or something.

-- 
Jordan Klein                                         haploat_private
gpg fingerprint = 3D15 2822 F5A9 AED4 A66C  48EF 0A21 39CB A5BA 8C5B
        You have moved your mouse.  Windows will now reboot.

Next message: Cisco Systems Product Security Incident Response Team: "Cisco Security Advisory: Cisco Secure PIX Firewall SMTP Filtering Vulnerability"
Previous message: Alex S. Harasic: "3Com® HomeConnect® Cable Modem Denial of Service"
In reply to: Eoin D. Fleming: "HACMP and port scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 26 2001 - 11:39:07 PDT