Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?

["cor@xxxxxxxxxxxxx" <cor@xxxxxxxxxxxxx>]

During my training classes I always tell the -sV switch is dangerous and known 
to (sometimes) crash the target.  

Usually a better tool to test open udp ports is unicornscan, but that doesn't 
have a switch like -iL. Since you are testing your own devices and you know the 
community string, you could insider to loop through the list of IP's and 
snmpget a value from the MIB. 

Cor

sent from a mobile device 


----Origineel bericht----
Van: Shang Tsung
Verzonden:  30-06-2010 13:03:32
Onderw.:  Should nmap cause a DoS on cisco routers?

Hello,

Some days ago, I had the task to discover the SNMP version that our 
servers and networking devices use. So I run nmap using the following 
command:

nmap -sU -sV -p 161-162 -iL target_file.txt

This command was supposed to use UDP to probe ports 161 and 162, which 
are used for SNMP and SNMP Trap respectively, and return the SNMP 
version.

This "innocent" command caused most networking devices to crash and 
reboot, causing a Denial of Service attack and bringing down the 
network.

Now my question is.. Should this had happened? Can nmap bring the whole 
network down from one single machine?

Is this a configuration error of the networking devices?

This is scary...

Shang Tsung






  

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do 
a proper penetration test. IACRB CPT and CEPT certs require a full practical 
examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/