[157581] in North American Network Operators' Group


Re: Network scan tool/appliance horror stories

daemon@ATHENA.MIT.EDU (nick hatch)
Mon Oct 29 20:15:35 2012

In-Reply-To: <7EF4A8B03B0A3A44858C8B42E0DB236A0121BCA40E2B@PHX-52N-EXM04A.lcc.usairways.com>
From: nick hatch <nicholas.hatch@gmail.com>
Date: Mon, 29 Oct 2012 19:14:56 -0500
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, Oct 29, 2012 at 2:10 PM, Pedersen, Sean <Sean.Pedersen@usairways.com> wrote:

> I was curious if anyone had any particularly gruesome horror stories of
> scanning tools run amok.
>

A particular model of ShoreTel voice switches I used to administer (running
VxWorks, IIRC) would reliably lock up hard when hit with nmap's OS/service
detection on a particular port. Required pulling the plug to restore
service.

The truly odd thing was that it didn't seem like a resource exhaustion
issue; it could be triggered with a single well-crafted probe or two.

After several long nights of painful troubleshooting with their level III
support, we came to the conclusion that if it hurts, you probably shouldn't
do it, and mitigating ACLs were put in place.

-n
