Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request]
From: Mark Rivers <rivers@cars.uchicago.edu>
To: "engbretson@anl.gov" <engbretson@anl.gov>
Cc: EPICS Tech Talk <tech-talk@aps.anl.gov>
Date: Wed, 24 Jan 2018 16:03:42 +0000

Hi Mark,

That has not been our recent experience at the APS. Our PLCs (Koyo), VME, motor controllers and areaDetectors have no problems during shutdown periods at the APS when those scans occur. Can you list the specific devices that have problems for you?

Mark


Sent from my iPhone

> On Jan 23, 2018, at 5:32 PM, Mark Engbretson <engbretson@anl.gov> wrote:
> 
> For whatever it is worth, there are a large number of Ethernet devices that have to be manually reset at the APS when the network police run their various port scans - PLC systems, Area Detectors, Galil Ethernet motor controllers, whatever.   
> 
> Their docs also state clearly that such hardware is intended to be used on an isolated or protected network. I do not think that any software or hardware vendor is going to say their server implementations can 100% survive what is essentially a DOS attack. 
> 
> You used to be able to crash CA gateways or even VxWorks hardware even with valid packets if you had an ill-behaved application just performing non-stop stupid requests that are never shut down correctly. You could overflow/fragment memory before zombie client cleanup routines get triggered.
> 
> Decent packet validation software probably has real world big bucks applications.
> 
> -----Original Message-----
> From: tech-talk-bounces@aps.anl.gov [mailto:tech-talk-bounces@aps.anl.gov] On Behalf Of Michael Davidsaver
> Sent: Tuesday, January 23, 2018 3:45 PM
> To: Hartman, Steven M. <hartmansm@ornl.gov>; Benjamin Franksen <benjamin.franksen@helmholtz-berlin.de>
> Cc: EPICS Tech Talk <tech-talk@aps.anl.gov>
> Subject: Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request]
> 
>> On 01/23/2018 10:54 AM, Hartman, Steven M. wrote:
>> Nonetheless, a malformed packet crashing a server would be considered a bug in the server implementation and should be fixed.
> 
> I don't think anyone is going to argue that these sorts of issues shouldn't be fixed.
> The problem is as usual a question of time and/or money.  Actively finding and _fixing_ packet validation issues has never been a priority for anyone.
> 
> FYI, if someone could spend time on this, a place to start might be:
> 
> https://github.com/mdavidsaver/catvs
> 
> which is a framework I started for verifying consistency between CA implementations.  This works by constructing packets with a python script.  It is straightforward to create invalid/corrupt messages.
> 
> A test case for zero length PVs could be added here
> 
> https://github.com/mdavidsaver/catvs/blob/master/catvs/server/test_search.py#L16
> 
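
A receive-side check for the zero-length PV name case discussed in this thread, as an added example that is not part of the original messages and is not code from catvs or EPICS Base. It assumes the 16-byte Channel Access header layout and the command numbers 0 (version) and 6 (search); the function names and sample datagrams are hypothetical and constructed for illustration.

```python
import struct

# Assumed CA header layout: command, payload size, data type, data count,
# parameter 1, parameter 2 (all big-endian, 16 bytes total).
CA_HDR = struct.Struct(">HHHHII")
CA_PROTO_VERSION, CA_PROTO_SEARCH = 0, 6

class MalformedDatagram(ValueError):
    """Raised instead of looping or guessing when a datagram is not valid CA."""

def parse_search_datagram(dgram: bytes) -> list:
    """Return [(cid, pv_name), ...] for each SEARCH message in one UDP datagram."""
    found, offset = [], 0
    while offset < len(dgram):
        if len(dgram) - offset < CA_HDR.size:
            raise MalformedDatagram(f"truncated header at offset {offset}")
        cmd, size, _dtype, _count, cid, _p2 = CA_HDR.unpack_from(dgram, offset)
        start = offset + CA_HDR.size
        end = start + size
        if size == 0xFFFF or size % 8 or end > len(dgram):
            raise MalformedDatagram(f"bad payload size {size} at offset {offset}")
        if cmd == CA_PROTO_SEARCH:
            payload = dgram[start:end]
            name, nul, _pad = payload.partition(b"\0")
            if not name:
                raise MalformedDatagram("zero-length PV name in search request")
            if not nul or not name.isascii():
                raise MalformedDatagram("PV name not NUL-terminated ASCII")
            found.append((cid, name.decode("ascii")))
        # Each pass consumes at least one 16-byte header, so the loop always ends.
        offset = end
    return found

def rejection_reason(dgram: bytes):
    """Return None if the datagram parses, else the reason it was dropped."""
    try:
        parse_search_datagram(dgram)
        return None
    except MalformedDatagram as exc:
        return str(exc)

def _msg(cmd, payload=b"", cid=0):
    # Constructed test helper: data count 13 stands in for the minor version.
    return CA_HDR.pack(cmd, len(payload), 0, 13, cid, cid) + payload

# Constructed sample datagrams (not captured traffic).
GOOD = _msg(CA_PROTO_VERSION) + _msg(CA_PROTO_SEARCH, b"demo:pv\0", cid=1)
ZERO_LEN = _msg(CA_PROTO_VERSION) + _msg(CA_PROTO_SEARCH, b"", cid=2)
SCAN_NOISE = b"\x00\x06\x00\x08probe"  # shorter than one header
```

Rejecting the whole datagram on the first bad message is a policy choice made for this example; a server could instead skip the bad message, provided the offset still advances.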
