> -----Original Message----- > From: Renaud Deraison [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 12, 2003 3:01 PM > To: [EMAIL PROTECTED] > Subject: Re: Port scan causing system crashes > > > On Thu, Jun 12, 2003 at 11:55:26AM -0400, Clem Skorupka wrote: > > > I had a case where an rpc scan using nessus (I forget the > particular > > module or if it was the nmap precursor scan, this was a couple of > > years ago) against some large range of ports knocked out an > > allegro-based embedded web server on a network switch. It didn't > > crash this particular switch (though one had to reboot the > switch in > > order to bring back the web interface). > > > The bottom line is that as soon as you start to interfere > with another host, you can never predict how it will react to > actions that it has never been designed to handle, so no scan > is totally risk-free[1], and it's often very hard to find the > balance between a 99.9% accurate security audit and a > non-intrusive one. Note that this does not only affects > Nessus+Nmap, but any network vulnerability scanner. >
This brings to mind the Iron Triangle of network security assessment: Fast, Comprehensive, Low Impact. More of any one means less of the other two... Phil --------------------------------------------------------------------------- ----------------------------------------------------------------------------
