|
Penetration Testing
username and Password sent as clear text strings May 14 2008 10:39AM jfvanmeter comcast net (6 replies) Re: username and Password sent as clear text strings May 20 2008 12:06AM Matthew Zimmerman (mzimmerman gmail com) (1 replies) Re: username and Password sent as clear text strings May 20 2008 08:43AM David Howe (DaveHowe Pentest googlemail com) (1 replies) Re: username and Password sent as clear text strings May 21 2008 06:40PM Matthew Zimmerman (mzimmerman gmail com) (1 replies) Re: username and Password sent as clear text strings May 23 2008 09:39AM David Howe (DaveHowe Pentest googlemail com) Re: username and Password sent as clear text strings May 15 2008 02:35PM Orlin Gueorguiev (orlin baturov com) RE: username and Password sent as clear text strings May 15 2008 02:29PM Jones, David H (Jones David H principal com) (1 replies) Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 16 2008 02:46AM Brahnda A. Eleazar (brahnda e hermisconsulting com) (4 replies) Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 17 2008 07:49AM Rick Zhong (sagiko gmail com) (1 replies) RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 26 2008 02:08AM Brahnda A. Eleazar (brahnda e hermisconsulting com) (1 replies) RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 27 2008 07:39AM Adriano Leite (DHL CZ) (Adriano Dias Leite dhl com) (1 replies) RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 29 2008 02:33AM Brahnda A. Eleazar (brahnda e hermisconsulting com) Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 16 2008 05:08PM pand0ra (pand0ra usa gmail com) (1 replies) Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 16 2008 09:46PM pand0ra (pand0ra usa gmail com) Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 16 2008 07:08AM Jon Kibler (Jon Kibler aset com) RE: username and Password sent as clear text strings May 15 2008 12:33PM Shenk, Jerry A (jshenk decommunications com) Re: username and Password sent as clear text strings May 15 2008 03:12AM Todd Haverkos (fsbo haverkos com) (1 replies) Collection of problems in production systems while pen-testing - "Butterfly effect" May 27 2008 08:10AM Adriano Leite (DHL CZ) (Adriano Dias Leite dhl com) RE: username and Password sent as clear text strings May 15 2008 02:34AM Shenk, Jerry A (jshenk decommunications com) |
|
|
Privacy Statement |
I once used nessus to do some auditing on one of my server networks. It
caused one server app to crash due to the application expecting a
specific communication string when a system connected to it. It could
be that they are running a really poorly written app that expects
specific connection strings and nmap sent something it did not
like/expect.
Can you query the admins and ask them if the problem seems like a system
problem or an application problem. I have a feeling it's an application
issue and not a system issue.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of Brahnda A. Eleazar
Sent: Thursday, May 15, 2008 9:46 PM
To: pen-test (at) securityfocus (dot) com [email concealed]
Subject: Dangerous in using nmap for AS/400 730 machine configured with
3 ASPs?
Peace all,
I am wondering whether this is related or not.
I was in the middle of beginning a pentest activity for a network
segment containing quite a number of AS400 (Production).
I started with a simple nmap first to see what I am facing.
My command was (IPs are masked) "nmap -sV -vv -p 8470-8476 -o
firsttry_port.nmap xxx.xxx.xxx.0/24"
This lasted for about 15 minutes.
After about 2 hours later, 2 out of 50+ identifiable machines started
having problems.
They became very slow.
Those two machines are using ASP (Auxiliary Storage Pools), 1 ASP on the
1st machine and 2 ASPs on the 2nd.
I just want to get more information whether my nmap did anything "bad"?
:)
Thanks and Regards,
=adley=
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
[ reply ]