So I am working on a project to help a friend, and while running nmap
with the following syntax:
"nmap -sS -P0 -O -sV -p0-65535" I locked up m0n0wall running 1.3b4.
Repeating the experiment, but this time monitoring the firewall, I
observed the CPU spike to 75%, the state table grow huge, and the memory
usage climb to 30% before the firewall locked up. Killing the nmap
process and then waiting for the states to clear makes the firewall
happy, but it is still stuck with 30% memory used from 11% on my config
on a soekris 8501 with the extra memory. (256MB I think.) I was able
to repeat this at will, so it seems to be quite constant.
I have rolled back to 1.3b3 and rerun the nmap and I see the following
system performance differences: Memory usage only climbs to 24% during
the test, which remains "lost" even after the nmap scan is completed.
(Not sure when this is cleaned up normally as I haven't been watching
CPU stat all that closly in the past. This could be normal for all I
know, with clean up happening in an hour or so.) CPU usage stays between
25-40% and the state tables don't seem to get filled up and all returns
to normal after the nmap scan is complete. E.g. most notable the
firwall keeps processing new states and operates in all other
capacities, and of course the scan completes as required.
I don't see anything in the change notes from 1.3b3 to 1.3b4 that might
cause this. Any ideas on what to look for so I can perhaps provide more
info on this, and can someone recreate this issue on your end? Thanks!