Exactly...and even doing a 'hard close' during a tcp port scan (default in most basic inventory scans) has created this very scenerio in my environment to the point of closing a listening port to VERY IMPORTANT systems...which if left unchecked, could have cost millions of dollars per hour. This goes for all scanning tools, not just ISS. Make sure you understand the tools policy/configuration and make sure you understand the network, server o/s and in some cases the application layer that you could be affecting. It's always easier to start light, and then move to heavier scans.
-----Original Message----- From: Sacchi Mario [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 10:45 AM To: Art van Schijndel; Shimon Silberschlag; [EMAIL PROTECTED] Subject: RE: [ISSForum] Internet scanner - intrusive? Guys, keep in mind that what's safe for a system, could be deadly to another. There's no guarantee that a check that's targeted for, let's say, a Linux machine (and it's safe if aimed to a Linux box), won't harm a different system, say a Windows or Solaris or BSD unit. This is only theory, and I cannot make practical examples right now, but think of custom applications, talking and listening to their own custom TCP ports... well, an unchecked buffer on one of them would make them vulnerable to a port scan... -----Original Message----- From: Art van Schijndel [mailto:[EMAIL PROTECTED] Sent: venerd� 7 marzo 2003 17:45 To: Shimon Silberschlag; [EMAIL PROTECTED] Subject: Re: [ISSForum] Internet scanner - intrusive? It's a good tool, but use it with due caution. We uncovered a bug in the VMS operating system IP stack by crashing it with a safe (i.e. no DOS vulnerability checks enabled) ISS scan. My policy is to verify scanner updates on test systems before targeting production systems with it. And when scanning the production environment, we don't scan redundant systems simultaneously. If you happen to crash the A system, for example, you want a viable B system to failover to. If you had both included in the same scan, you take the risk of taking them both down. =( Art ----- Original Message ----- From: "Shimon Silberschlag" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 04, 2003 02:46 Subject: [ISSForum] Internet scanner - intrusive? Are internet scanner scans intrusive in nature, for example, can a scan crash or otherwise damage a server? TIA, Shimon Silberschlag +972-3-9352785 +972-51-207130 _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
