Hugo van der Kooij <[EMAIL PROTECTED]> writes:
> The problem clearly lies with the unprotected machines.
Definitely. This situation is interesting anyway: that's the first
time I hear that one can kill a Slowlaris box just by port scanning
it.
I think that the OS is not reponsible, but I'd suspect some brain
damaged software that starts eating CPU when you just open & close its
port. That's a very common behaviour; I suppose the code looks like:
s = accept(...);
n = 0;
while (n < expected_size)
if ((x = recv(s, buf+n, expected_size - n, MSG_NOSIGNAL)) < 0)
perror("recv");
else
n += x;
Which gives something baaaaad if recv returns (-1) on the "broken
pipe" error.
> Nessus is just one way to trigger their suicidal tendencies.
The message even said that nmap was enough.
snmpwalk can be a good way to kill a Broken As Designed SNMP agent
too.
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
