This is a known Cisco bug. Their documentation on the bug says something like 'port scanning tools can create a situation where the router CPU utilization goes to 100%'. I don't recall if there is an IOS upgrade to fix this, so call Cisco and ask or go look through their online documentation to see if your IOS is possibly affected.

ben tetu-pappas

-----Original Message-----
From: Josha Bronson
To: bluefur0r bluefur0r
Cc: pen-testat_private
Sent: 10/7/2001 8:48 PM
Subject: Re: Nmap issues...? or router?

On Sun, Oct 07, 2001 at 02:39:31AM -0000, bluefur0r bluefur0r said:
> After just completing an audit for a company that has a DS-3
> connection (shared) and a Cisco router (2015), one of the first issues
> that was found was this: When nmaping using -sS and all ports, 1 nmap
> scan nmaping 1 host at a time appeared to completely destroy their
> bandwidth... Has anyone heard of this? Could this be a Router or ISP
> problem??? It took very long to complete because I needed to use the
> -T Polite option. I'm just curious if anyone else has ever encountered
> nmap using up all network resources for such a high volume connection.
> Any help would be appreciated so this never happens again. *Luckily I
> started after hours*
> blue

Yes, I've seen this before. During an internal audit, one laptop scanning with nmap brought a LAN router to 100% CPU utilization. I think that the router had to be rebooted, but I can't remember. The router was a Cisco, of the 7000 series I believe. Sorry for the lack of facts, it was a while ago... I've meant to look into it again and try to pin down exactly what is going on here, but there never really seems to be a good time to nail a router that is in use, according to management. I've also spoken about this with a few other folks who have seen the same thing. Anyway, someone with spare time and a test network with a Cisco router should probably try and figure out what causes this.

:)

--
josha.bronson(aka->dmuz) >> dmuzat_private
networks/systems/security && CCNA, RHCE
josha.net || dmuz.angrypacket.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Oct 09 2001 - 15:28:58 PDT