three-way TCP
Robert Nelson
rnelson at windchannel.com
Fri Oct 8 17:19:59 CEST 2004
> Enter the case of a failed service/host check. Host-checks
> are executed
> in serial, so a host with a max check attempt of 10 would leave 10
> sockets waiting with all sorts of resources clanged down.
If it fails to respond with a syn/ack packet, then I don't think any
resources are available. In any case, unlikely to impact it.
> If you have firewalls that let everything but RST through,
> you've either
> been swindled by your dealer, or you're completely incompetent and
> should be flogged with ethernet cables. Simple as that.
For a loooooong time, Checkpoint-1 had problems like that. Specifically,
if you sent a packet with a fragment ID higher than 1, it assumed that
fragment 1 had already traversed the ruleset and let it go through. You
could also fill its log, and some things would break after that.
Probably not as useful in normal testing, but it's unlikely that anyone
working on Nagios should be flogged for the purchase of such a product
from a highly respected company who provides useful products!</sarcasm>
> >>3. Checks are written to mimic client behaviour. Proper
> >>clients don't go
> >>out of their way to stir up mischief. Unproper ones might, but the
> >>checks aren't designed to be pen-testing apps, but rather tests of
> >>proper standards-compliant functionality.
> >
> >
> > Sometimes you cannot be in the *real* client side to do the
> checks, so you
> > have to adapt the checks.
> >
>
> True, but I can't think of any one single occasion where that would
> include not completing the three way handshake.
The material he was responding to simply said that plugins should all be
"safe", i.e. not have the potential to cause problems. However, there
are times you may have to run plugins that can cause damage. HP
Jetdirects are fragile, even with the safe plugins, after all :)
It might be better to say that the nagios-plugins package provides
checks of standards-compliant functionality. Saying that no check plugin
should test in a non-standards compliant manner is overstepping the
bounds a bit.
> Yes. It was a long time since anything was published there
> that's not a
> clean rip-off from bugtraq or equivalent. Read the linenoise and
> you'll know what I mean. I'm sure you'll find your name there
> somewhere.
And as we all know, no-one ever made progress by looking at what others
did and collecting it one place, right?
Rob Nelson
Network Engineer
Windchannel Communications
919-538-6326
-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list