Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  <20182019  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  <20182019 
<== Date ==> <== Thread ==>

Subject: Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request]
From: "J. Lewis Muir" <jlmuir@imca-cat.org>
To: Mark Engbretson <engbretson@anl.gov>
Cc: 'EPICS Tech Talk' <tech-talk@aps.anl.gov>
Date: Wed, 24 Jan 2018 09:51:04 -0600
On 01/23, Mark Engbretson wrote:
> For whatever it is worth, there are a large number of Ethernet devices
> that have to be manually reset at the APS when the network police run
> their various port scans - PLC systems, Area Detectors, Galil Ethernet
> motor controllers, whatever.

Hi, Mark.

Frankly, that's sad.

> Their docs also state clearly that such hardware is intended to
> be used on an isolated or protected network. I do not think that
> any software or hardware vendor is going to say their server
> implementations can 100% survive what is essentially a DOS attack.

A port scan is not a DOS attack.  Software that crashes due to receiving
an invalid packet has a DOS vulnerability because that vulnerability
could be used in a DOS attack.  Obviously, I understand that the
software is intended to be used on a trusted network, but crashing
because it receives an invalid packet is a bug and should be fixed.

Regards,

Lewis

References:
Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Shuei YAMADA
Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Ralph Lange
Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] J. Lewis Muir
Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Ralph Lange
Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Benjamin Franksen
Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Hartman, Steven M.
Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Michael Davidsaver
RE: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Mark Engbretson

Navigate by Date:
Prev: Career Opportunity White, Karen S.
Next: Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] J. Lewis Muir
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  <20182019 
Navigate by Thread:
Prev: RE: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Mark Engbretson
Next: Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Mark Rivers
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  <20182019 
ANJ, 24 Jan 2018 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·