Subject: Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request]
From: "Hartman, Steven M." <[email protected]>
To: Benjamin Franksen <[email protected]>
Cc: EPICS Tech Talk <[email protected]>
Date: Tue, 23 Jan 2018 18:54:49 +0000

> On Jan 23, 2018, at 12:56 PM, Benjamin Franksen <[email protected]> wrote:
>
>>>> Channel Access is not intended for use in a hostile environment.
>>>
>>> I wouldn't call a port scan hostile.
>>>
>>
>> True. Let me rephrase:
>> Channel Access is not intended for use in an environment where clients
>> intentionally send malformed packages.
>
> What about pvAccess in this regard?
Without using strong encryption and robust authentication/authorization, a control system server is going to be vulnerable to hostile clients. In this regard, pvAccess is vulnerable. Network segmentation is still a necessity for pvAccess as it has been for channel access.
pvAccess does have hooks to allow extension to include authentication/authorization. When this happens will depend upon a project or facility having the need and providing the resources or funds to implement.
Nonetheless, a malformed packet crashing a server would be considered a bug in the server implementation and should be fixed.
--
Steven Hartman
[email protected]