OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Lambottaol.com
Date: Fri Dec 07 2001 - 04:03:35 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Stuart,

    I've come across a similar problem in the course of a PenTest using the #nmap -sU option (UDP scan)
    It appears there is no fix till date.
    You will find more info. on http://xforce.iss.net/static/7484.php
    http://www.remote-exploit.org/downloads.php

    Feel free to contact me directly to discuss.

    Taiye Lambo, CISSP
    Principal Security Consultant
    CyberCops Europe (UK)
    Mobile: 07958 430 094

    In a message dated Fri, 7 Dec 2001 06:07:24 Greenwich Mean Time, "Stuart" <stuart.hackinfobtinternet.com> writes:

    > We've run a pentest against a customer recently and found that the very act
    > of port scanning their Raptor firewall (running on NT) crippled its ability
    > to accept incoming connections for their web site. The firewall is a new
    > high spec PIII and the least line is a decent size. The nmap scans were
    > standard timing (not T5 or anything daft) - once the scans were stopped,
    > things burst back in to life within about 10minutes.
    >
    > This sounds like a lack of available connections type problem (similar to
    > SYN flooding) to me. The firewall was running at about 10% CPU usage at the
    > time and was not swapping to disk at all, also strangely, internal access
    > outbound to the net for web browsing seemed unaffected?
    >
    > Its the latest version of Raptor and we're told its fully patched up to
    > date.
    >
    > Does this ring any bells with anyone? Seems very odd to me... a portscan
    > should not cause a DOS by itself...
    >
    >
    > thanks
    > Stuart
    > IT Security Consultant, UK
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please see:
    > https://alerts.securityfocus.com/

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/