On Mon, 6 Feb 2006, Brad Cumbia wrote:
> Has anyone experienced global ioc crash's due to NMAP or Nessus security
> scans?
A typical nmap or nessus scan should not crash an IOC. However, I have
demonstrated a specially crafted nmap scan which will reliably crash an
IOC running EPICS 3.13 or earlier on VxWorks 5.4. (Actually, the IOC will
still be running, but networking will be completely down and will not
recover until reboot, so, effectively the IOC is "crashed".) It will cause
an ENOBUF error on VxWorks 5.5. Not tested on VxWorks < 5.4. EPICS >= 3.14
seems to be OK.
This nmap scan was specially crafted to test this and it is unlikely
someone would be running such a scan as part of security testing. (I also
have a c program which will demonstrate this.) I have a patch to 3.13
which will eliminate the problem.
--
Steve Hartman
[email protected] || 919-660-2650
Duke Free Electron Laser Laboratory
- References:
- Ioc denial of service attacks Brad Cumbia
- Navigate by Date:
- Prev:
Re: Ioc denial of service attacks D. Peter Siddons
- Next:
Re: Ioc denial of service attacks Andrew Johnson
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
<2006>
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
RE: Ioc denial of service attacks Jeff Hill
- Next:
Re: Ioc denial of service attacks Andrew Johnson
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
<2006>
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
|