System Crash while scanned by nessus or saint
Hi List, i've a suse linux box (7.3 Kernel 2.4.16) which is dying without console messages while scanning from a foreign host with nessus or saint, the last log message points always to "can not execute finger ...", a tcpdump shows always different (last) messages, for testing i've stopped inetd, ssh, apache,smb and so on but the host still dies, des anybody have a idea wha this could be ? I made an kernel update from 2.4.10 to 2.4.16 but other hosts with the same setup and kernel doesnt have tha prob ?? many thanks Matthias
Hi there, have you allready check the Nessus Options? There is one point where you can say: "Include all plug-ins" or "Just -not dangerous- plug-ins" (or something like that) ... if you use the full options, Nessus also performs DoS Attacks, and maybe crashes one of your still running deamons. Seems to be an importent deamon ... if the box crashes down ... TheJackal ----- Original Message ----- From: "Matthias Krauss" <MKrauss@hitchhiker.com> To: "Suse-Security" <suse-security@suse.com> Sent: Wednesday, June 26, 2002 3:05 PM Subject: [suse-security] System Crash while scanned by nessus or saint
Hi List, i've a suse linux box (7.3 Kernel 2.4.16) which is dying without console messages while scanning from a foreign host with nessus or saint, the last log message points always to "can not execute finger ...", a tcpdump shows always different (last) messages, for testing i've stopped inetd, ssh, apache,smb and so on but the host still dies, des anybody have a idea wha this could be ? I made an kernel update from 2.4.10 to 2.4.16 but other hosts with the same setup and kernel doesnt have tha prob ??
many thanks
Matthias
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
--- Ausgehende Mail ist zertifiziert virenfrei. Überprüft durch AVG Antivirus System (http://www.grisoft.com/de). Version: 6.0.371 / Virendatenbank: 206 - Erstellungsdatum: 13.06.2002
Hi there,
have you allready check the Nessus Options? There is one point where you can say: "Include all plug-ins" or "Just -not dangerous- plug-ins" (or something like that) ... if you use the full options, Nessus also performs DoS Attacks, and maybe crashes one of your still running deamons. Seems to be an importent deamon ... if the box crashes down ...
shouldn't happen, too. The scanning program can't be made responsible for failures on the remote side. Unfortunately, it seems difficult to reproduce. Can you please send in the logfile, and the syslogd from the target that are a result of the scan? Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, | SuSE Linux AG - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -
Seems to be an importent deamon ... if the box crashes down I'd rather suspect a bad network card driver than a daemon. Especially because it seems to be rather random... Or maybe even the hardware itself.
Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \
participants (4)
-
Markus Gaugusch -
Matthias Krauss -
Michael Haunzwickl -
Roman Drahtmueller