We had the same issue with a Cisco PIX 525 and 520 and after an IOS update, the issue was solved. Which model(s) do you have?

Sonny Discini
Senior Network Security Engineer
Department of Technology Services
Enterprise Infrastructure Division
Montgomery County Government

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher J Bidwell
Sent: Thursday, March 18, 2004 2:50 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Scanning - Half Open Connections

My plugin is set to do a connect() scan. This is what is baffling me. Some of these routers we are using have firewall feature sets running on them and that is where all of these half-open connections occur.

Thanks,
Chris

[EMAIL PROTECTED]orp.com
Sent by: [EMAIL PROTECTED].nessus.org
03/18/2004 12:04 PM

To: [EMAIL PROTECTED]
cc:
Subject: RE: Scanning - Half Open Connections

Hi Chris:

Sounds like your port scanner is running a syn scan - have you tried using a different type? If I remember correctly there was a discussion on the list a while back about this problem with Catalyst switches... you may want to search the mailing list archives and see if you can find it...

>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:nessus-[EMAIL PROTECTED] On Behalf Of Christopher J Bidwell
>Sent: Thursday, March 18, 2004 12:18 PM
>To: [EMAIL PROTECTED]
>Subject: Scanning - Half Open Connections
>
>I'm having a serious problem with half-open connections when scanning
>behind our routers that have firewalls integrated into them. I run my
>scans on various subnets and it literally causes a DOS attack by
>filling up the state table in the router with half-open connections.
>
>I'm using the Sans Top20-2003 plugin (slightly modified), and boy, I
>just can't get it to stop creating these half open connections. Does
>anyone have any clues?
>
>Thanks,
>
>Chris Bidwell
>
>_______________________________________________
>Nessus mailing list
>[EMAIL PROTECTED]
>http://mail.nessus.org/mailman/listinfo/nessus
