On Sun, Oct 07, 2001 at 02:39:31AM -0000, bluefur0r bluefur0r said: > After just completeing an audit for a company that has a DS-3 > connection (shared) and a cisco router (2015), One of the first issues > that was found was this: When nmaping using -sS and all ports, 1 nmap > scan nmaping 1 host at a time appeared to completely destroy their > bandwidth... Has anyone heard of this? Could this be a Router or ISP > problem??? It took very long to complete because i needed to use the > -T Polite option. I'm just curious if anyone else has ever encountered > nmap using up all network resources for such a high volume connection. > Any help would be appreciated so this never happens again. *Luckily I > started after hours* > blue Yes, I've seen this before. During and internal audit, one laptop scaning with nmap brought a LAN router to 100% CPU utilization. I think that the router had to be rebooted, but I can't remember. The router was a Cisco, of the 7000 series I believe. Sorry for the lack of facts, it was a while ago... I've meant to look into it again and try to pin down exactly what is going on here, but there never really seems to be a good time to nail a router that is in use, according to management. I've also spoken about this with a few other folks who have seen the same thing. Anyway, someone with spare time and a test network with a Cisco router should probably try and figure out what causes this. :) -- josha.bronson(aka->dmuz) >> dmuzat_private networks/systems/security && CCNA, RHCE josha.net || dmuz.angrypacket.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Oct 09 2001 - 11:26:01 PDT