812 Views 5 Replies Latest reply: Apr 10, 2014 4:30 AM by teasanchunji RSS
sharad kapurala Newcomer 2 posts since
Jan 18, 2013

Jan 18, 2013 5:21 AM

Switch crashed when scanned

Hi All,

 

We have implemented MVM on the network and were conducting scans on the net devices. When the core switches were scanned, the network was disrupted immediately.

Apparently it was due to the scans conducted on the switches (both primary and secondary), as the whole traffic in the network uses these switches.

 

My query is: does MVM have such disruptive vulnerabilities and plugins to crash the switches?

If yes, what are the vulnerabilities (plugins or exploits) for switches, routers and firewalls we can use to avoid such disruption again?

 

Thanks

SCK

  • dfirstbr Newcomer 7 posts since
    Jan 18, 2010
    1. Jan 18, 2013 5:44 AM (in response to sharad kapurala)
    Re: Switch crashed when scanned

    Hi SCK

     

    It is important to remember that MVM Vulnerability Manager is discovering an issue and not causing the issue on the target(s). Unless of course you’re unwittingly running ‘Intrusive’ scripts. We’re using standard RFC compliant packages. Any attacker could have used the same pattern maliciously to cause the issue. As that’s the case it is important to fix this, but it’s the vendors that need to review the devices. Normally resolution is either an upgrade to the target, firmware update or a vendor patch. It is not a change to our code or scripts. We can gather information, but that would be to assist the vendor. You would need to speak to the vendor first to figure out what they need.

     

    -dene

     

    Message was edited by: dfirstbr on 18/01/13 05:44:27 CST
  • ritch Newcomer 31 posts since
    Feb 21, 2012
    2. Jan 18, 2013 7:29 AM (in response to sharad kapurala)
    Re: Switch crashed when scanned

    Hi SCK

     

    It also rather depends on which vulnerabilities you have selected (shell, web, etc.) and what Operating System the switch is being detected as. I have seen problems on older versions of Oracle, Lexmark Printers, UPS Devices, IOS Devices running very old firmware. We also found that a lot of Webserver interfaces on routers and switches being scanned can cause the devices to die (a config change fixes that).

     

    The other thing to remember is that if your vulnerability scanner can DOS your switches so can any internal attacker (or in some cases legitimate business traffic).

     

    If you can post the make and firmware version others might know of issues.

     

    Ritch

     

    Message was edited by: ritch on 18/01/13 07:29:56 CST
  • feeeds The Place at McAfee Member 102 posts since
    Apr 26, 2011
    3. Jan 18, 2013 8:23 AM (in response to sharad kapurala)
    Re: Switch crashed when scanned

    Can you disclose the Vendor of your Core Switches? We had an issue where the scanner was generating a DHCP flood across the network, which was resolved with an upgrade of NX-OS.

  • teasanchunji Newcomer 1 posts since
    Apr 10, 2014
    5. Apr 10, 2014 4:30 AM (in response to feeeds)
    Re: Switch crashed when scanned

    Hi,

     

    We had the same issue with nexus5k.

    N5K with 5.1(3)N1(1) code.

    Do you know what might have caused this issue?

     

    Thanks
