Hi Chris: Sounds like your port scanner is running a syn scan - have you tried using a different type?
If I remember correctly there was a discussion on the list a while back about this problem with Catylst switches....you may want to search the mailing list archives and see if you can find it... >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:nessus- >[EMAIL PROTECTED] On Behalf Of Christopher J Bidwell >Sent: Thursday, March 18, 2004 12:18 PM >To: [EMAIL PROTECTED] >Subject: Scanning - Half Open Connections > > >I'm having a serious problem with half-open connections when scanning >behind our routers that have firewalls integrated into them. >I run my scans on various subnets and it literally causes a DOS attack by >filling up the state table in the router with half-open connections. > >I'm using the Sans Top20-2003 plugin (slightly modified), and boy, I just >can't get it to stop creating these half open connections. >Does anyone have any clues? > >Thanks, > >Chris Bidwell > > >_______________________________________________ >Nessus mailing list >[EMAIL PROTECTED] >http://mail.nessus.org/mailman/listinfo/nessus ---------------------------------------------------------------------------- This message contains information which is privileged and confidential and is solely for the use of the intended recipient. If you are not the intended recipient, be aware that any review, disclosure, copying, distribution, or use of the contents of this message is strictly prohibited. If you have received this in error, please destroy it immediately and notify us at [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
