[22739] in bugtraq
Re: HACMP and port scans
daemon@ATHENA.MIT.EDU (Jordan Klein)
Wed Sep 26 13:29:01 2001
Date: Wed, 26 Sep 2001 09:31:28 -0700 (PDT)
From: Jordan Klein <haplo@haplo.net>
To: "Eoin D. Fleming" <rtfm@eircom.net>
Cc: <bugtraq@securityfocus.com>
In-Reply-To: <000901c1453f$ad9eb480$dce3869f@traveller>
Message-ID: <Pine.BSO.4.33.0109260924170.22634-100000@www.haplo.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Mon, 24 Sep 2001, Eoin D. Fleming wrote:
> It appears that IBM's HACMP 4.4 clustering software can be induced to fail
> simply by port scanning clustered machines, has anyone come accross this
> vulnerability and is there a workaround?
>
> Thanks,
> RT
>
Yes, when I worked at IBM, we found this same problem. We had internal
security groups periodically port scanning our servers and they caused our
HACMP cluster servers to crash, as a result.
I don't remember all the details, as I didn't personally work with HACMP.
However, a good friend did and told me all about it. I believe IBM has
some patches that can fix this problem.
I think it's somehow simulating a failover signal, but not correctly, so
causing a kernel panic or something.
--
Jordan Klein haplo@haplo.net
gpg fingerprint = 3D15 2822 F5A9 AED4 A66C 48EF 0A21 39CB A5BA 8C5B
You have moved your mouse. Windows will now reboot.
