RE: Nmap issues...? or router?

From: Joe Dauncey (toothbrushheadat_private)
Date: Wed Oct 10 2001 - 08:28:49 PDT

    I don't know if this is related? It causes a reload when scanned on certain 
    ports and certain levels of IOS.
    
    http://www.cisco.com/warp/customer/707/ios-tcp-scanner-reload-pub.shtml
    
    
    At 22:20 09/10/2001, Ben Tetu-Pappas wrote:
    >This is a known Cisco bug. Their documentation on the bug says something
    >like 'port scanning tools can create a situation where the router CPU
    >utilization goes to 100%'. I don't recall if there is an IOS upgrade to fix
    >this, so call Cisco and ask or go look through their online documentation to
    >see if your IOS is possibly affected.
    >
    >ben tetu-pappas
    >
    >-----Original Message-----
    >From: Josha Bronson
    >To: bluefur0r bluefur0r
    >Cc: pen-testat_private
    >Sent: 10/7/2001 8:48 PM
    >Subject: Re: Nmap issues...? or router?
    >
    >On Sun, Oct 07, 2001 at 02:39:31AM -0000, bluefur0r bluefur0r said:
    > > After just completing an audit for a company that has a DS-3
    > > connection (shared) and a Cisco router (2015), One of the first issues
    > > that was found was this: When nmapping using -sS and all ports, 1 nmap
    > > scan nmapping 1 host at a time appeared to completely destroy their
    > > bandwidth... Has anyone heard of this? Could this be a Router or ISP
    > > problem??? It took very long to complete because I needed to use the
    > > -T Polite option. I'm just curious if anyone else has ever encountered
    > > nmap using up all network resources for such a high volume connection.
    > > Any help would be appreciated so this never happens again. *Luckily I
    > > started after hours*
    > > blue
    >
    >Yes, I've seen this before. During an internal audit, one laptop
    >scanning with nmap brought a LAN router to 100% CPU utilization. I think
    >that the router had to be rebooted, but I can't remember. The router was
    >a Cisco, of the 7000 series I believe.
    >
    >Sorry for the lack of facts, it was a while ago...
    >
    >I've meant to look into it again and try to pin down exactly what is
    >going on here, but there never really seems to be a good time to nail a
    >router that is in use, according to management.
    >
    >I've also spoken about this with a few other folks who have seen the
    >same thing.
    >
    >Anyway, someone with spare time and a test network with a Cisco router
    >should probably try and figure out what causes this. :)
    >
    >--
    >josha.bronson(aka->dmuz) >> dmuzat_private
    >networks/systems/security && CCNA, RHCE
    >josha.net || dmuz.angrypacket.com
    >
    >
    >------------------------------------------------------------------------
    >----
    >This list is provided by the SecurityFocus Security Intelligence Alert
    >(SIA)
    >Service. For more information on SecurityFocus' SIA service which
    >automatically alerts you to the latest security vulnerabilities please
    >see:
    >https://alerts.securityfocus.com/
    
    
    Joe Dauncey
    Email: toothbrushheadat_private
    PGP Key ID: 0xEAA034D4
    
    
    



    This archive was generated by hypermail 2b30 : Wed Oct 10 2001 - 16:31:56 PDT