RE: [ISSForum] Internet scanner - intrusive?

From: InfoSec (InfoSecwilliams.com)
Date: Tue Mar 11 2003 - 09:40:05 CST


Exactly...and even doing a 'hard close' during a tcp port scan (default in most basic inventory scans) has created this very scenario in my environment to the point of closing a listening port to VERY IMPORTANT systems...which if left unchecked, could have cost millions of dollars per hour. This goes for all scanning tools, not just ISS. Make sure you understand the tool's policy/configuration and make sure you understand the network, server o/s and in some cases the application layer that you could be affecting. It's always easier to start light, and then move to heavier scans.

-----Original Message-----
From: Sacchi Mario [mailto:Mario.Sacchiiriscube.com]
Sent: Monday, March 10, 2003 10:45 AM
To: Art van Schijndel; Shimon Silberschlag; issforumiss.net
Subject: RE: [ISSForum] Internet scanner - intrusive?

Guys,

Keep in mind that what's safe for a system could be deadly to another. There's no guarantee that a check that's targeted for, let's say, a Linux machine (and it's safe if aimed at a Linux box), won't harm a different system, say a Windows or Solaris or BSD unit.

This is only theory, and I cannot make practical examples right now, but think of custom applications, talking and listening to their own custom TCP ports... well, an unchecked buffer on one of them would make them vulnerable to a port scan...

-----Original Message-----
From: Art van Schijndel [mailto:aegisnwlink.com]
Sent: Friday, March 7, 2003 17:45
To: Shimon Silberschlag; issforumiss.net
Subject: Re: [ISSForum] Internet scanner - intrusive?

It's a good tool, but use it with due caution. We uncovered a bug in the
VMS operating system IP stack by crashing it with a safe (i.e. no DOS
vulnerability checks enabled) ISS scan. My policy is to verify scanner
updates on test systems before targeting production systems with it. And
when scanning the production environment, we don't scan redundant systems
simultaneously. If you happen to crash the A system, for example, you want
a viable B system to failover to. If you had both included in the same
scan, you take the risk of taking them both down. =(

Art
----- Original Message -----
From: "Shimon Silberschlag" <shimonsbll.co.il>
To: <issforumiss.net>
Sent: Tuesday, March 04, 2003 02:46
Subject: [ISSForum] Internet scanner - intrusive?

Are internet scanner scans intrusive in nature, for example, can a
scan crash or otherwise damage a server?

TIA,

Shimon Silberschlag

+972-3-9352785
+972-51-207130

_______________________________________________
ISSForum mailing list
ISSForumiss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo
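
Art van Schijndel's rule in the thread above (never scan redundant systems in the same pass, so a crashed A system still has a viable B to fail over to) can be enforced in the scan schedule itself. The following is an added example, not part of the original thread and not tied to any scanner's API; the inventory, the group names and the `scan` / `is_healthy` hooks are hypothetical.

```python
from collections import defaultdict
from itertools import zip_longest

# Constructed inventory: host -> redundancy group (None = no failover partner).
INVENTORY = {
    "db-a": "db-cluster",
    "db-b": "db-cluster",
    "web-1": "web-pool",
    "web-2": "web-pool",
    "web-3": "web-pool",
    "vms-batch": None,
}


def plan_waves(inventory):
    """Split hosts into scan waves so that no wave contains two members
    of the same redundancy group."""
    groups = defaultdict(list)
    standalone = []
    for host, group in sorted(inventory.items()):
        if group is None:
            standalone.append(host)
        else:
            groups[group].append(host)
    # The i-th member of every group lands in wave i, so partners never share a wave.
    waves = [[h for h in column if h is not None]
             for column in zip_longest(*groups.values())]
    # Hosts with no partner go last, once the scan policy has been exercised elsewhere.
    if standalone:
        waves.append(standalone)
    return waves


def run_waves(waves, scan, is_healthy):
    """Scan wave by wave. After each wave, check the hosts just scanned and
    stop before the next wave if any is down, leaving its partners untouched.
    `scan` and `is_healthy` are caller-supplied hooks (hypothetical)."""
    completed = []
    for wave in waves:
        for host in wave:
            scan(host)
        completed.append(wave)
        down = [h for h in wave if not is_healthy(h)]
        if down:
            return completed, down
    return completed, []
```
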
