John Scherff wrote:
*Tenable/List*,
Starting last month, Nessus began crashing our Citrix Metaframe farm
(approximately 60 servers). _The same scan ran every month without
incident for over a year_ prior to November. It may be the case that
the scan did not bring down all the servers, but brought down certain
services that are critical to Metaframe functionality. Here's a quote
from the Citrix administrator:
It seems that somehow the scan causes the IMA (Independent Management
Architecture) service to stop on almost all the MF servers. There were
only 5 that did not have the IMA service stopped. Of course, when that
happens, they are dead to the ZDC (Zone Data Collector) which reports
them as Server Down. The IMA service is critical to the communication
between the MF servers and the ZDC.
You should grab any logfile or debug file from the scanner and the
Citrix servers to correlate things between each other (timestamps a crucial)
It's is always possible that a service drops down, with any type of
scan you do.
Maybe you could also look at the patch levels of these servers. I know
there was a bug reported a month ago in the IMA architecture. It's very
unlikely this is the problem, because no "not that I know" script is
testing for it. It is even unclear "to me" what the attack vector is for
this bug...
http://support.citrix.com/article/CTX111186
I'll think Citrix would also want to know why there IMA drops down.....
--Ferdy--
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
