For whatever it is worth, there are a large number of Ethernet devices that have to be manually reset at the APS when the network police run their various port scans - PLC systems, Area Detectors, Galil Ethernet motor controllers, whatever.
Their docs also state clearly that such hardware is intended to be used on an isolated or protected network. I do not think that any software or hardware vendor is going to say their server implementations can 100% survive what is essentially a DOS attack.
You used to be able to crash CA gateways or even VxWorks hardware even with valid packets if you had an ill-behaved application just performing non-stop stupid requests that are never shut down correctly. You could overflow/fragment memory before zombie client cleanup routines get triggered.
Decent packet validation software probably has real world big bucks applications.
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Michael Davidsaver
Sent: Tuesday, January 23, 2018 3:45 PM
To: Hartman, Steven M. <[email protected]>; Benjamin Franksen <[email protected]>
Cc: EPICS Tech Talk <[email protected]>
Subject: Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request]
On 01/23/2018 10:54 AM, Hartman, Steven M. wrote:
> Nonetheless, a malformed packet crashing a server would be considered a bug in the server implementation and should be fixed.
I don't think anyone is going to argue that these sorts of issues shouldn't be fixed.
The problem is as usual a question of time and/or money. Actively finding and _fixing_ packet validation issues has never been a priority for anyone.
FYI, if someone could spend time on this, a place to start might be:
https://github.com/mdavidsaver/catvs
which is a framework I started for verifying consistency between CA implementations. This works by constructing packets with a Python script. It is straightforward to create invalid/corrupt messages.
A test case for zero length PVs could be added here
https://github.com/mdavidsaver/catvs/blob/master/catvs/server/test_search.py#L16
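
An added example, not part of the original messages and not catvs or EPICS code: a standalone sketch of the kind of datagram validation discussed in this thread, rejecting a UDP search request with a zero-length PV name before it reaches a server loop. It assumes the standard 16-byte big-endian CA header and 8-byte payload padding; `ca_msg`, `parse_datagram`, `verdict` and the PV name `demo:pv` are hypothetical names constructed for illustration.

```python
import struct

# CA header: command, payload size, data type, data count, param1, param2
CA_HDR = struct.Struct(">HHHHII")
CA_PROTO_VERSION = 0
CA_PROTO_SEARCH = 6

class BadDatagram(ValueError):
    pass

def ca_msg(cmd, payload=b"", dtype=0, count=0, p1=0, p2=0):
    """Build one CA message; the payload is zero-padded to a multiple of 8."""
    payload += b"\0" * (-len(payload) % 8)
    return CA_HDR.pack(cmd, len(payload), dtype, count, p1, p2) + payload

def parse_datagram(buf):
    """Return [(command, pv_name_or_None), ...] or raise BadDatagram."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < CA_HDR.size:
            raise BadDatagram("truncated header at offset %d" % off)
        cmd, size, _dtype, _count, _p1, _p2 = CA_HDR.unpack_from(buf, off)
        body = off + CA_HDR.size
        if size % 8:  # strict policy chosen for this example
            raise BadDatagram("payload size %d not 8-byte aligned" % size)
        if size > len(buf) - body:
            raise BadDatagram("payload size %d exceeds datagram" % size)
        name = None
        if cmd == CA_PROTO_SEARCH:
            name = buf[body:body + size].split(b"\0", 1)[0]
            if not name:
                raise BadDatagram("search request with zero-length PV name")
        out.append((cmd, name))
        off = body + size  # always advances by at least one header
    return out

def verdict(buf):
    """Return 'ok' or the reason the datagram was rejected."""
    try:
        parse_datagram(buf)
        return "ok"
    except BadDatagram as exc:
        return str(exc)

if __name__ == "__main__":
    # Constructed sample datagrams: a valid search and a zero-length search.
    good = ca_msg(CA_PROTO_VERSION, count=13) + ca_msg(
        CA_PROTO_SEARCH, b"demo:pv\0", dtype=5, count=13, p1=1, p2=1)
    for dgram in (good, ca_msg(CA_PROTO_SEARCH), good[:-3]):
        print(verdict(dgram))
```

Every rejection path raises instead of continuing, and the offset moves forward by at least the header size on each pass, so no input can keep the loop from terminating.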