I have accidentally DoSed stateful firewalls with nmap. If you originate the scan behind it, then the firewall needs a state table entry for each port being scanned. When you do a 64k port scan, this tends to exceed what the fw was designed for.
Paul
Michel Arboi wrote:
I'd like to know if anybody has crashed network equipment (firewalls, routers, load balancers) while running a Nessus scan. I had bad experiences with stateful devices. I did not scan those devices directly: they were just on the way between the Nessus daemon and the target machine(s).
Although I cannot be 100% sure, I suspect that "stream.nasl" is responsible.
--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street, Manchester, M1 5LN England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: [EMAIL PROTECTED]
web: www.westpoint.ltd.uk
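
The state-table effect described in this thread, modelled as an added example that is not part of the original messages: it counts how many entries a firewall on the path must hold at once during a full port scan, so a scan rate can be chosen that stays inside the table. The table size, both timeouts and the target profile are constructed assumptions, not values from any real device.

```python
"""Model of a stateful firewall's connection table while a TCP port scan
passes through it. Timeouts and table size are constructed assumptions."""
from heapq import heappush, heappop

ALL_PORTS = 65535          # the full "64k" port range from the message
TABLE_CAPACITY = 16384     # assumed state-table size (hypothetical device)
SYN_TIMEOUT_S = 30         # assumed lifetime of an entry that gets no reply
RST_LINGER_S = 2           # assumed lifetime of an entry closed by a RST

def mostly_closed(port_index):
    """Constructed target: every 10th port is silently filtered."""
    return SYN_TIMEOUT_S if port_index % 10 == 0 else RST_LINGER_S

def peak_entries(n_probes, rate_pps, lifetime_s):
    """Peak simultaneous state entries for n_probes sent at rate_pps.

    Time is counted in probe slots (1 slot = 1/rate_pps s) so the
    arithmetic stays in integers. lifetime_s(i) gives entry i's lifetime.
    """
    expiries, peak = [], 0             # min-heap of expiry slots
    for slot in range(n_probes):
        while expiries and expiries[0] <= slot:
            heappop(expiries)          # entry timed out, its slot is free
        heappush(expiries, slot + lifetime_s(slot) * rate_pps)
        peak = max(peak, len(expiries))
    return peak

def rates_that_fit(rates, lifetime_s, capacity=TABLE_CAPACITY):
    """Map each scan rate to (peak entries, fits in table?)."""
    out = {}
    for rate in rates:
        peak = peak_entries(ALL_PORTS, rate, lifetime_s)
        out[rate] = (peak, peak <= capacity)
    return out

if __name__ == "__main__":
    for name, profile in (("all filtered", lambda i: SYN_TIMEOUT_S),
                          ("mostly closed", mostly_closed)):
        for rate, (peak, ok) in rates_that_fit((100, 1000, 5000), profile).items():
            print(f"{name:13} {rate:5} pps  peak={peak:6}  {'ok' if ok else 'OVERFLOW'}")
```

Peak occupancy is roughly scan rate times entry lifetime, so targets that silently drop probes fill the table far faster than targets that answer closed ports with a RST.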
