OOPS!
I forgot about the side effect.
It filled up my RAM disk and crashed my internal dhcpd. It also killed
weblet, I could still log on locally and any statically mapped system
worked, though slow. Those assigned with dhcp lost connectivity.
Still, it says a lot for the security of the LRP as a border device itself.
I have noticed that if your logs fill up, the LRP system slows stuff up.
----------------------------------------------
Steven Peck [EMAIL PROTECTED]
Sacramento, CA http://leaf.blkmtn.org
> -----Original Message-----
> From: Scott C. Best [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 26, 2001 10:45 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Leaf-devel] Vulnerabilities dot org
>
>
>
> So, I ran the Nessus scan on an Eigerstein 2.2.16
> running echowall. The report, as with Steven's experience,
> isn't very interesting: nothing found since I left nothing
> active (I commented out the WANTED_SERVICES line before
> restarting the firewall and testing). Report attached at
> the end of the email.
>
> What *is* interesting though is the packet logging.
> Oh my. Filled my ramdisk, preventing echowall from re-
> running, as "echo test > file" won't work if the disk is
> full. So...be cautious turning Nessus loose on your own
> LRP box. :)
> Makes me wonder though. At the start of the scan,
> /var/log/syslog, messages and kern.log were 15k, 13k, and
> 13k respectively. After the scan...all *three* of them were
> over 980k before I ran out of disk space.
> Sure, a brute-force DOS attack but...what am I doing
> wrong where each packet log gets recorded in 3 places?
>
> Also...I noticed my cable-modem connect thru the LRP
> was sluggish after the disk was filled. I checked with
> www.bandwidthplace.com/speedtest and it confirmed: 671 kpbs
> with a full disk, and 1293 kbps immediately after a reboot.
> Perhaps the next time someone on the LRP lists mentions
> that their LRP box is "acting slow" we should ask if they
> recently unleased Nessus on it.
>
> cheers,
> Scott
>
> > Everyone,
> > I found a site that is performing Nessus and NMAP scans for free.
> > Please test your firewalls and share the results.
>
> ---------------------------------------
>
> Nessus Scan Report compliments of www.vulnerabilities.org
>
> Free Nessus web scan provided by Vulnerabilities.org
> Contact [EMAIL PROTECTED] or [EMAIL PROTECTED]
> for a personal evaluation of the scan report, further detailed
> systems analysis. Of course, we are available for contract
> to correct your problems, provide recurring network
> vulnerability analysis, and general hosting system administration
>
> Please take a second and drop us a note, or if you would
> like to share your report with us, email to above!
>
> ______________________________________________________________
> __________________
>
>
> Number of hosts which were alive during the test : 1
> Number of security holes found : 0
> Number of security warnings found : 0
> Number of security notes found : 1
>
> List of the tested hosts :
>
> * 65.11.107.92 (Security notes found)
>
> ______________________________________________________________
> __________________
>
> [ Back to the top ]
> 65.11.107.92 :
>
> List of open ports :
>
> * general/udp (Security notes found)
>
> [ back to the list of ports ]
>
> Information found on port general/udp
>
> For your information, here is the traceroute to 65.11.107.92 :
> 207.211.208.3
> 165.113.120.205
> 165.113.50.146
> 165.113.50.65
> 165.113.3.126
> 24.7.74.62
> 216.197.144.30
> 10.0.254.242
> 10.0.255.14
> ?
>
> ______________________________________________________________
> __________________
> This file was generated by Nessus, the open-sourced security scanner.
>
>
>
> _______________________________________________
> Leaf-devel mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/leaf-devel
>
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
