cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 6

Switch crashed when scanned

Hi All,

We have implemented MVM on the network. And were conducting scans on the net devices. When the core switches were scanned, the network disrupted immediately.

Apparently it was due to the scans conducted on the switches (both primary and secondary), as the whole trafiic in the network uses these switches.

My query is does MVM have such disruptive vulnerabilities and plugins to crash the switches.

If yes, what are the vulnerabilities (plugins or exploits) for switches, routers and firewalls we can use to avoid such disruption again.

Thanks

SCK

5 Replies
dfirstbr
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Switch crashed when scanned

Hi SCK

It is important to remember that MVM Vulnerability Manager is discovering an issue and not causing the issue on the target (s). Unless of course you’re unwittingly running ‘Intrusive’ scripts.   We’re using standard RFC compliant packages. Any attacker could have used the same  pattern maliciously to cause the issue. As that’s the case it is important to fix this, but it’s the vendors that need to review the devices.    Normally resolution is either an upgrade to the target, firmware update or a vendor patch.  It is not  a change to our code or scripts.   We can gather information, but that would be to assist the vendor. You would need to speak to the vendor first to figure out what they need.

-dene

Message was edited by: dfirstbr on 18/01/13 05:44:27 CST
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 6

Re: Switch crashed when scanned

Hi SCK

It also rather depends on which vulneraiblities you have selected (shell, web, etc.) and what Operating System the switch is being detected as. I have seen problems on older versions of Oracle, Lexmark Printers, UPS Devices, IOS Devices running very old firmware. We also found that a lot of Webserver interfaces on routers and switches being scanned can cause the devices to die (a config change fixes that),

The other thing to remember is that if your vulnerability scanner can DOS your switches so can any internal attacker (or in some cases legitimate business traffic).

If you can post the the make and firmware version others might know of issues.

Ritch

Message was edited by: ritch on 18/01/13 07:29:56 CST
Former Member
Not applicable
Report Inappropriate Content
Message 4 of 6

Re: Switch crashed when scanned

Can you disclose the Vendor of your Core Switches.  We had an issue where the scanner was generating a DHCP flood across the network, which was resolved with an upgrade of NX-OS

Former Member
Not applicable
Report Inappropriate Content
Message 5 of 6

Re: Switch crashed when scanned

Hi,

We had a same issue with nexus5k.

N5K with 5.1(3)N1(1)  code.

Do you know what might caused this issue?

Thanks

Former Member
Not applicable
Report Inappropriate Content
Message 6 of 6

Re: Switch crashed when scanned

Thanks guys,

Ritch / Feeds,

We were scanning HP 8206 zl switches using MVM 7.5. Also, let know what vulnerabilities (plugins) support the net devices (firewalls, switches, IPS, Routers) and if there is any documentation on it. Appreciate the help.

Cheers

SCK

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community