From: Rob Shein (shoten@starpower.net)
Date: Wed Nov 24 2004 - 16:46:17 EST
I'm not sure without knowing more about the nature of the scan (how fast you
were running it, whether you were on the local network or doing it remotely,
etc.) but I can think of something that would cause this. Let's say you
have a subnet with 23 stop bits, being about 2 class C's in size. Now
assume that it's only about 25% populated, for example...if you do a port
scan where you assume that hosts cannot be pinged, for every port on each
unused IP you're going to trigger some "who has W.X.Y.Z?" arp requests. And
since those requests, unlike ones for systems that actually do exist, won't
be answered, they also won't be cached anywhere, which means that for EVERY
port you scan, you'll be triggering 75% x 510 = about 380 arp requests. And
if you're scanning really fast...that's going to raise hell with things.
> -----Original Message-----
> From: dale ball [mailto:dale_ball@yahoo.com]
> Sent: Tuesday, November 23, 2004 1:34 PM
> To: pen-test@securityfocus.com
> Subject: Retina scans caused broadcast storms
>
>
> Has anyone ever caused a full blown broadcast storm by using
> the Retina Security Scanner.
>
> Its looks as if I may caused a severe slow down on a network
> recently and think the scanner may have caused it. What I am
> trying to determine is whether existing problems in the
> switching enviroment may have been exaserbated by the use of
> the scanner.
>
> Anybody else ever experience these sorts of issues with Retina?
>
> dale
>
>
>
> __________________________________
> Do you Yahoo!?
> The all-new My Yahoo! - Get yours free!
> http://my.yahoo.com
>
>
>
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:09 EDT