
List:       focus-sun
Subject:    Re: Strange crash.
From:       Katherine M Hosch <khosch () entergy ! com>
Date:       2000-03-29 14:28:01

I recently had a very unpleasant experience with this problem. All of the
computers in my enterprise were recently scanned with nmap as part of a
security audit.  There were several consequences of this, and two of them
were very bad:

	- scans often appeared to be from 0.0.0.0, which
	caused the people *doing* the scans to think that there was
	someone else doing scans and trying to hide (doh!!)
	
	- on some systems (about 10% of the total, which were running
	Solaris 2.6 & 7), inetd would hang as a result of the scan.
	
	- furthermore, on some of the systems, killing inetd in
	order to restart it and fix the hang caused the systems
	to crash (Sun bug id 4260432).
	
Systems with rev 07 of 105529 sometimes experienced the hang, but did not
crash on killing inetd (neither did the one very patched Solaris 7 box that
had inetd hang).  There is now a rev 08 of the patch. Whether it prevents
inetd hanging remains to be seen.

Katherine Hosch, Senior IT Consultant		khosch@entergy.com
Entergy Services, Inc.				504-364-7713
200 Westbank Expressway				L-CC-2F
Gretna, LA  70053

>
> I believe both 2.6 and 7 are vulnerable to nmap OS-detection scans.  For
> 2.6, the patch is 105529-??.  There's probably an analogous patch for 7.
>
> Dig around Sunsolve for "recursive mutex_enter panic"
>
>
> On Mon, 27 Mar 2000, Larry W. Cashdollar wrote:
>
> > Does anyone know of any bugs with nmap and solaris 7?  After nmaping a host
> > (plain old connect()) and shutting down a few services in /etc/inetd.conf a
> > kill -HUP of inetd our solaris 7 box rebooted.  I found a unix.0 and a
> > vmcore.0 in /var/crash.  This is for Sparc.
> >
> > I didn't see anything in the messages or syslogs file as for clues.
> >
> >
> > -- Larry
> >
>
> Wyman Miles
> Senior Systems Administrator, Rice University, Texas.
> (713) 348-5827, e-mail:wymanm@rice.edu, pager:wymanm@pager.rice.edu
