3 Replies Latest reply on Oct 18, 2018 12:07 PM by gilbert.aispuro

    Port Scan Bricks Router

    gilbert.aispuro New Member

      We currently have a security company that is testing our infrastructure using Nessus. Every time they run a test on our routers (Total Access 930 and NetVanta 5560), they hit 100% CPU utilization, brick, and our internet goes out. I even tried to console into the router when it's unresponsive and I get nothing but garbage text spewing out. I've tried two different serial cables, tried every possible setting in the terminal, and still nothing. After I kill power to the appliance and it reboots, everything is restored and we have internet connectivity again.

      Any reason this would happen? Is there anything I can do on my end to prevent this from happening? Any commands? Rate-limiting?

        • Re: Port Scan Bricks Router
          gilbert.aispuro New Member

          Found the issue. So I decided to debug when they were pen testing and I noticed that the pen-laptop ended up peering with my CenturyLink BGP connection, essentially kicking the router peering off and removing all my routes. I believe the next step would be to add a password on our peering. haha.

          Wow, what a test.

          • Re: Port Scan Bricks Router
            otiecoyote New Member

            I'm curious about this as well. I see your question has been answered, but we have a customer who had someone do a port scan on their 3200 and it took their router down until well after the port scan was done. For Adtran, do you know anything that would cause issues on NetVantas with WAN side port scans? Our specific customer had a T1 connection to the WAN.

              • Re: Port Scan Bricks Router
                gilbert.aispuro New Member

                So the pen testing is being conducted internally and hitting all of our sites via BGP in our MPLS. We survived the initial test because I told the pen company to exclude interface and WAN IPs and exclude port 179 from the scan, basically excluding the router.

                We just had another issue last night where I lost BGP connection during the scan at another location, NetVanta 5600 series. I believe the router couldn't handle the amount of packets coming from one site to another, so it maxed CPU and was dropping packets due to the maximum amount of connections.

                The thing is, I've told the pen company to scan VERY slow and they told me they had the scan at the lowest settings possible.

                All in all, I think I might have to find an alternative in routing. I inherited these routers when I came on almost a year ago.