Re: crashing netware 5x and 6x boxes

Tue, 11 Feb 2003 09:07:26 -0800 

I'd like to share some info that I found in my logs. Hopefully someone
can elaborate.

On 2/3/03, I scanned a server (let's called him Bob) and all went fine.
On 2/8/03, I scanned Bob again and he abbended.

The admin swears that nothing changed on the server (I'm starting to
doubt this). In order to prove my case, I looked through my nessus logs
and found this:

Three new plugins have were launched against Bob on 2/8/03. These
plugins were radmin_detect.nasl, xtel_detect, and xtelw_detect.nasl.

I looked through the scripts and I don't think that any of these could
have cause the abbend. I'd just feel better if someone could tell me
that they agree.

Thanks,
Adam


" I had the same problem.  I had 3 NetWare servers in a test, all 5.1, all SP4
" and 2 of the 3 ended up going to utilization of 99-100% and stop responding
" to the network users.  The only difference between the 2 that crashed and
" the one that didn't was that the 2 that crashed where the root and backup
" for the Tree.  The 3rd one was just a member server...so maybe it has
" something to do with the NDS and a test that it is running.  
" 
" But like you I did a safe, non-intrusive test....I was running the latest
" stable 1.2.7 version and had the latest updated Plug-In's
" 
" 
" 
" 
" -----Original Message-----
" From: Adam Kosmin [mailto:[EMAIL PROTECTED]] 
" Sent: Tuesday, February 11, 2003 11:24 AM
" To: [EMAIL PROTECTED]
" Subject: crashing netware 5x and 6x boxes
" 
" 
" Does anyone know what plugin looks at the Netware remote magagement
" buffer overflow attack documented at
" http://www.iss.net/security_center/static/8736.php
" 
" I searched the nessus plugins webpage and didn't see anything that could
" have launched this DoS. However, I'm concerned since I brought down a
" few of my Netware machines yesterday while running a non-intrusive scan
" (harmful plugins disabled) using "safe mode". I'm wondering if I've got
" a plugin installed that that tried this DoS attack but yet, doesn't have
" it's script_category set to either 'act_destructive_attack' or
" 'act_denial'
" 
" Thanks for any help,
" Adam
" 
" 
" -- 
" "Silly hacker, root is for administrators"
"       - Unknown
" 
" GnuPG Key : 11C2 79F6 BD3D 3A86 5640  3DA0 3860 B30E 711D 3B66
" 

-- 
"Silly hacker, root is for administrators"
        - Unknown

GnuPG Key : 11C2 79F6 BD3D 3A86 5640  3DA0 3860 B30E 711D 3B66

Attachment: msg03563/pgp00000.pgp
Description: PGP signature

Reply via email to