Results 1 to 2 of 2

Thread: Was this responible disclosure

  1. #1

    Was this responible disclosure

    Got this off of bugtraq:

    Unisys "Clearpath" mainframes are very sensitive to the probes of nmap and
    similar programs. Basically, by only port-scanning (not even
    fingerprinting), you can cause the entire machine to seize up. (Yes, the
    whole machine...not just a job or the TCP/IP device.)

    The problem may be occurring because the host fires up a job to log each
    incomplete TCP handshake - other people have suggested a problem with the
    TCP/IP stack on the iron, but I really don't know for sure.

    I know people might think that I am just DOS'ing the machine, but I got
    this to happen with "nmap -T Normal" and it happens even easier at higher
    speeds. If I do the same scans against Windows, *nix, VAX, or any other
    type of TCP/IP devices I can find, the target machine continues to respond
    after the scan. (Even on some 20mhz DOS machines running a custom build of
    TCP/IP!) It's only the Clearpaths which seem to nose-dive.

    Lest you think I am complaining about a problem on a single machine, let me
    assure you I have seen this happen three different times at three different
    locations (2 financial data centers and 1 bank) on three different
    machines. I wrote this report after another security researcher
    mentioned privately to me that he observed the same thing.

    So...what's my advice? Don't use nmap or other port scanners against a
    Clearpath - it will probably be fatal.

    Say hello to my little friend: "nmapnt -p 1-1023 -T Normal" (If
    that doesn't work, make it less polite. Watch the "SPO" for added fun.)

    * * * Vendor notification
    Unisys field engineers have been notified of each occurrence at the various
    sites. (I saw my first one go down in October 2001, saw the third do it
    about a week ago. All were on current releases.)

    Also notified Fyodor (of nmap) and submitted the "Unisys Clearpath NX"
    fingerprints I had.

    The problem I see with this is it appears that Unisys has not fixed the problem. If that's the case then this individual just gave all the kiddies the key to downing these mainframes! No wonder people like HP want to sue all of us...Does anybody else see this the way I do?

  2. #2
    Senior Member
    Join Date
    Nov 2001
    the problem existed since before oct last year, the manufacture was notified long before this release. yes id have to say this was responsibe disclosure.

    if seeing this dosn't cause a security person to react nothing will, and it is the job of a security specialist to look for this this type of thing at security sites.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts