In-Reply-To: <20021028165345.11929.qmail@mail.securityfocus.com>

>Received: (qmail 7861 invoked from network); 28 Oct 2002 22:14:00 -0000
>Received: from outgoing2.securityfocus.com (HELO outgoing.securityfocus.com) (205.206.231.26)
> by mail.securityfocus.com with SMTP; 28 Oct 2002 22:14:00 -0000
>
>I have managed to "reduplicate" at least five times the
>following scenario with a Cisco as5250, with firmware
>12.2 (11t) release firmware of Cisco:
>
>nmap -dinsane -p 1-65535 ip.of.as5350
>
>This causes a "hard" lockup, and the device must be powered off in
>order to have functionality restored to it.
>
>Mentioned to PSIRT at Cisco, they didn't do anything.
>
>Sincerely,
>
>Thomas J. Munn
>

It seems to be the -p 1-65535 that causes a disconnect on the unit (via ssh) but doesn't crash it; the -dinsane part seems to lock it. A gentleman emailed me that there is a known "ssh" bug, and yes, ssh was enabled. When just using nmap -sT -p 1-65535, ssh disconnects me, but doesn't kill the box.

List of ports, quite fascinating by the way!

22/tcp open ssh
23/tcp open telnet
111/tcp filtered sunrpc
1720/tcp open H.323/Q.931
2216/tcp open unknown
2217/tcp open unknown
2218/tcp open unknown
2219/tcp open unknown
2220/tcp open unknown
2221/tcp open unknown
2222/tcp open unknown
2223/tcp open unknown
2224/tcp open unknown
2225/tcp open unknown
2226/tcp open unknown
2227/tcp open unknown
2228/tcp open unknown
2229/tcp open unknown
2230/tcp open unknown
2231/tcp open unknown
2232/tcp open ivs-video
2233/tcp open unknown
2234/tcp open unknown
2235/tcp open unknown
2236/tcp open unknown
2237/tcp open unknown
2238/tcp open unknown
2239/tcp open unknown
2240/tcp open unknown
2241/tcp open ivsd
2242/tcp open unknown
2243/tcp open unknown
2244/tcp open unknown
2245/tcp open unknown
2246/tcp open unknown
2247/tcp open unknown
2248/tcp open unknown
2249/tcp open unknown
2250/tcp open unknown
2251/tcp open unknown
2252/tcp open unknown
2253/tcp open unknown
2254/tcp open unknown
2255/tcp open unknown
2256/tcp open unknown
2257/tcp open unknown
2258/tcp open unknown
2259/tcp
2260/tcp open unknown
2261/tcp open unknown
2262/tcp open unknown
2263/tcp open unknown
2264/tcp open unknown
2265/tcp open unknown
2266/tcp open unknown
2267/tcp open unknown
2268/tcp open unknown
2269/tcp open unknown
2270/tcp open unknown
2271/tcp open unknown
2272/tcp open unknown
2273/tcp open unknown
2274/tcp open unknown
2275/tcp open unknown
3001/tcp open nessusd
4216/tcp open unknown
4217/tcp open unknown
4218/tcp open unknown
4219/tcp open unknown
4220/tcp open unknown
4221/tcp open unknown
4222/tcp open unknown
4223/tcp open unknown
4224/tcp open unknown
4225/tcp open unknown
4226/tcp open unknown
4227/tcp open unknown
4228/tcp open unknown
4229/tcp open unknown
4230/tcp open unknown
4231/tcp open unknown
4232/tcp open unknown
4233/tcp open unknown
4234/tcp open unknown
4235/tcp open unknown
4236/tcp open unknown
4237/tcp open unknown
4238/tcp open unknown
4239/tcp open unknown
4240/tcp open unknown
4241/tcp open unknown
4242/tcp open unknown
4243/tcp open unknown
4244/tcp open unknown
4245/tcp open unknown
4246/tcp open unknown
4247/tcp open unknown
4248/tcp open unknown
4249/tcp open unknown
4250/tcp open unknown
4251/tcp open unknown
4252/tcp open unknown
4253/tcp open unknown
4254/tcp open unknown
4255/tcp open unknown

Goes up far more