FW: nikto, n-stealth can crash the web-server?

From: Matthias Heinrich (matze-heinrich@gmx.de)
Date: Sat Jul 15 2006 - 10:06:36 EDT


Thanks for your ideas!

That supported my idea that it's rather a problem of the number of requests
than a problem of the exploits done by nikto.

Maze

-----Original Message-----
From: Evans, Arian [mailto:Arian.Evans@fishnetsecurity.com]
Sent: Friday, July 14, 2006 23:04
To: pen-test@security-focus.com
Subject: RE: nikto, n-stealth can crash the web-server?

Matthias,

> -----Original Message-----
> From: Matthias Heinrich [mailto:matze-heinrich@gmx.de]
>
> I'm trying to find out if web-scanners like n-stealth or
> nikto can crash the web-server and why.

I've seen nikto in particular cause crashes, and Nessus
plugins, but it always depends on the webserver & the
check, and usually it's not too hard to hunt down.

Examples:

+ Chunked encoding tests on older IIS & apache versions

+ There's a Cisco ACS BoF check through a long URL string
that I've seen crash custom webservers due to the character
sets used to create the URL payload, or the size, not being
handled properly.

+ Threads: on custom web servers, poorly coded threading
can thread-lock the thing.

+ Sockets: I ran into Tomcat implemented with some custom
sockets programming that choked on multi-threaded tests
due to inability to close & recycle TCP connections fast
enough (would simply run out of proc, then mem).

+ TCP/IP stack: this is mostly old news, but I've seen
www and db servers fail due to the stack crashing on
several OSes, like old HPUX, and OpenVMS stuff back when
you had vendor-supplied custom stacks, and same with
some older Unisys systems that they customized the IP stack.

You couldn't even port-scan some of those old systems
w/out them crashing; see Sockets: above.

Then there is simply resource exhaustion, possibly due
to system limitations or web server misconfiguration.

Hope that gives you some ideas,

Arian J. Evans
FishNet Security
913.710.7085 [mobile]
816.701.2045 [office]
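
An added example, not part of the original posts: a small access-log triage that helps tell the two explanations discussed in this thread apart, request volume versus one specific check such as an oversized URL. The 60-second silence treated as the crash, the 10-second look-back window, the 1024-character URL threshold and the sample log itself are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(log_text):
    """Return sorted (timestamp, source, url) tuples from common-log-format text."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((datetime.strptime(m.group(2), TS_FMT), m.group(1), m.group(3)))
    return sorted(rows)

def triage(log_text, gap=timedelta(seconds=60), window=timedelta(seconds=10), long_url=1024):
    """Find the first silence longer than `gap` (assumed to be the crash) and
    summarise the `window` before it: peak requests/second and oversized URLs."""
    rows = parse(log_text)
    for prev, nxt in zip(rows, rows[1:]):
        if nxt[0] - prev[0] > gap:
            recent = [r for r in rows if prev[0] - window <= r[0] <= prev[0]]
            per_second = Counter(r[0] for r in recent)
            oversized = [len(r[2]) for r in recent if len(r[2]) >= long_url]
            return {
                "last_seen": prev[0],
                "peak_rps": max(per_second.values()),
                "top_source": Counter(r[1] for r in recent).most_common(1)[0][0],
                "oversized_urls": oversized,  # URL lengths only, not contents
                "hint": "specific request" if oversized else "request volume",  # heuristic
            }
    return None  # no outage-sized gap in the log

def sample_log(with_long_url):
    """Constructed sample: 40 requests/second for 3 s, then 5 minutes of silence."""
    t0 = datetime.strptime("15/Jul/2006:10:00:00 +0000", TS_FMT)
    lines = []
    for i in range(120):
        url = "/" + "A" * 2000 if with_long_url and i == 119 else "/check/%d" % i
        ts = (t0 + timedelta(seconds=i // 40)).strftime(TS_FMT)
        lines.append('192.0.2.10 - - [%s] "GET %s HTTP/1.0" 404 0' % (ts, url))
    ts = (t0 + timedelta(minutes=5)).strftime(TS_FMT)
    lines.append('198.51.100.7 - - [%s] "GET / HTTP/1.0" 200 512' % ts)
    return "\n".join(lines)

if __name__ == "__main__":
    print(triage(sample_log(with_long_url=False)))
```

The hint is only a starting point: a high peak rate with no oversized URL points at connection handling or resource limits, while an outlier request just before the silence is worth replaying on its own in a test environment.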

 



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:18 EDT