[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
From: "Dobbins, Roland" <rdobbins@xxxxxxxxx>
Date: Thu, 1 Jul 2010 23:16:45 +0000

On Jul 1, 2010, at 11:12 PM, Florian Weimer wrote:

> And it's certainly a bug worth fixing. 

I doubt it's a 'bug' which can be 'fixed', just the same as sending enough 
legitimate HTTP requests to a Web server to bring it to its knees isn't a 'bug' 
which can be 'fixed', but rather a DoS which must be mitigated via a variety of 
mechanisms.  It would be quite helpful if the original poster would detail the 
models/types/versions of the network devices in question, and possibly provide 
a sample query packet.

Part of the general issue here is the large disconnect between the traditional 
security research community and the networking community; with a few notable 
exceptions, there isn't a lot of mutual discussion and understanding, and 
certainly no understanding of network infrastructure device architectures, best 
current practices (BCPs), and so forth.

One of the most fundamental BCPs is that one must make use of various network 
infrastructure self-protection mechanisms to keep undesirable traffic away from 
the control and management planes of said network infrastructure.  Here's a 
.pdf presentation which discusses network infrastructure self-protection:

<http://files.me.com/roland.dobbins/prguob>

Firing a bunch of SNMP queries at network infrastructure devices and causing 
network disruption as a result isn't anything new, it's a well-understood 
phenomenon with a well-understood - in the network operational community, at 
least - remedy via making use of the appropriate self-protection mechanisms 
built into most modern network infrastructure devices.  

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@xxxxxxxxx> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
  - From: Dan Kaminsky
- Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
  - From: Florian Weimer

References:
- Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
  - From: cor@xxxxxxxxxxxxx
- Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
  - From: Thierry Zoller
- Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
  - From: Dobbins, Roland
- Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
  - From: Thierry Zoller
- Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
  - From: Dobbins, Roland
- Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
  - From: Florian Weimer

Prev by Date: Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
Next by Date: Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
Previous by thread: Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
Next by thread: Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?
Index(es):
- Date
- Thread