Can denial of service situations occur through the FusionVM active testing?
Critical Watch has identified two different scenarios in which active testing could cause a denial of service situation on a network.

1. Consumption of Firewall Connections/Exhaustion of Firewall Resources

If an internal VM Server is placed “behind” a firewall and instructed to scan machines on the other side of the firewall, there is the possibility that the VM Server could exhaust the available outbound connections/resources of the firewall. This has been seen in particular on Cisco PIX firewalls where Port Address Translation was being used to PAT private, internal addresses to the outside interface. Specifically, the port scanning phase of the scan initiates a large number of connections in order to identify all open ports on a target device.

Solution:
A) Place the VM Server on a different segment of the network where it does not have to traverse the firewall to reach the target.
B) Provide a static IP translation for the IP address of the testing unit.
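
The exhaustion described in scenario 1 can be sized before a scan is scheduled. The following is an added example, not FusionVM or Cisco code: a simplified model of a shared PAT pool in which every new outbound connection holds one translation slot for a fixed time. The pool size, hold time, rates and function names are assumptions chosen for illustration.

```python
from collections import deque

def simulate_pat_pool(pool_size, probes_per_sec, hold_secs, total_probes,
                      background_per_sec=0):
    """One-second-step model of a shared PAT translation pool.

    Every new outbound connection takes one slot and keeps it for hold_secs
    (a single timer standing in for the firewall's real timeouts).
    Returns (peak_slots_in_use, scanner_failures, background_failures).
    """
    expiries = deque()   # expiry time of each slot in use, oldest first
    peak = scan_fail = bg_fail = sent = t = 0
    while sent < total_probes:
        while expiries and expiries[0] <= t:   # release timed-out slots
            expiries.popleft()
        burst = min(probes_per_sec, total_probes - sent)
        # Other users' connections are attempted first, then the scan probes.
        for is_scan, count in ((False, background_per_sec), (True, burst)):
            for _ in range(count):
                if len(expiries) < pool_size:
                    expiries.append(t + hold_secs)
                elif is_scan:
                    scan_fail += 1
                else:
                    bg_fail += 1
        sent += burst
        peak = max(peak, len(expiries))
        t += 1
    return peak, scan_fail, bg_fail

def max_safe_scan_rate(pool_size, hold_secs, background_per_sec=0):
    """Highest probes/sec whose steady-state slot use (rate * hold) fits the pool."""
    return max(0, pool_size // hold_secs - background_per_sec)

if __name__ == "__main__":
    # Constructed numbers, not measurements from any firewall.
    print(simulate_pat_pool(1000, 100, 5, 2000))        # throttled scan
    print(simulate_pat_pool(1000, 500, 5, 5000, 10))    # unthrottled scan
    print(max_safe_scan_rate(1000, 5, 10))
```

A non-zero third value in the result means ordinary users behind the same firewall were refused translations while the scan ran, which is the denial of service condition this scenario describes.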