[22734] in bugtraq
Re: HACMP and port scans
daemon@ATHENA.MIT.EDU (Andrew Leonard)
Tue Sep 25 16:07:50 2001
To: bugtraq@securityfocus.com
Message-ID: <1001441303.3bb0c817d5ca2@webmail.geospiza.com>
Date: Tue, 25 Sep 2001 11:08:23 -0700 (PDT)
From: Andrew Leonard <andy@geospiza.com>
Cc: "Eoin D. Fleming" <rtfm@eircom.net>
In-Reply-To: <000901c1453f$ad9eb480$dce3869f@traveller>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Quoting "Eoin D. Fleming" <rtfm@eircom.net>:
> It appears that IBM's HACMP 4.4 clustering software can be induced to
> fail simply by port scanning clustered machines, has anyone come accross
> this vulnerability and is there a workaround?
I have not seen this particular vulnerability, having never used HACMP.
However, I did see a very similar thing on Compaq's TruCluster product two jobs
ago: If port-scanned from a machine without a PTR record in DNS, the cluster
would develop split-brain syndrome. At management's request, this was kept
quiet (as in, not posted here), and we worked with Compaq to develop a patch.
This was back in 1999, and applied to TruCluster 1.5 (I think...). I never saw
an advisory about this from Compaq, so as far as I know this was quietly rolled
into TruCluster updates.
cheers:
andy
--
Andrew Leonard
Geospiza, Inc.
3939 Leary Way NW
Seattle, WA 98107
(206) 633-4403; (206) 633-4415 (fax)
