Comment by mapontosevenths
1 hour ago
The mere act of scanning for vulnerability often causes outages.
I once ran a vulnerability scan at an industrial company that completely disabled their employees' ability to clock in and out. I didn't believe it had anything to do with my scanner at first, but it ran on a schedule and the scanner's schedule matched their outages exactly.
Eventually it turned out the timecard system had these IoT badge readers with a poorly written TCP stack. It would ACK every SYN, and worse, the half-open connections never closed, so during a port scan every port was left open until it exhausted the memory on the little buggers.
My point is... you can't know in advance what damage you'll do with this sort of testing. That's kind of the entire reason we have to actually perform the real world tests instead of assuming or emulating them.
It's also the reason that real world scanning without authorization is probably already a crime in most jurisdictions, whether it's enforced or not.
But in a perfect world, the question would be: Is it reasonable to expect an outage by sending a few single TCP packets to a system? Or, were you flooding the system unreasonably?
It is a huge security risk to treat systems as ancient eggshells you must not touch ever. A certain amount of touching has to be reasonable, because that is what foreign actors will do if they need to cause trouble. Apparently you could cause this company major operational harm with a Pi Zero. Why is that protected by professional ruin and jail time?
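The failure mode the comment describes (a stack that ACKs every SYN and never reaps its half-open connections), modelled as an added example that is not code from the post: the buggy listener policy beside a hardened one with a SYN_RECV timeout and a per-source cap, both driven by the same simulated single-packet-per-port scan. The device's table size, the scan interval and the address 192.0.2.10 are constructed values.

```python
# Constructed model of an embedded listener's SYN_RECV table. Times are in
# milliseconds; nothing here touches a real socket.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class HalfOpenTable:
    max_entries: int                 # memory budget of the device (constructed)
    timeout_ms: Optional[int]        # SYN_RECV lifetime; None = never reaped (the bug)
    per_peer_cap: Optional[int]      # max half-open entries per source; None = no cap
    entries: dict = field(default_factory=dict)   # (src, sport, dport) -> created_ms
    dropped: int = 0

    def reap(self, now_ms: int) -> None:
        """Expire half-open entries older than timeout_ms (no-op for the buggy stack)."""
        if self.timeout_ms is None:
            return
        for key in [k for k, t in self.entries.items() if now_ms - t >= self.timeout_ms]:
            del self.entries[key]

    def on_syn(self, src: str, sport: int, dport: int, now_ms: int) -> bool:
        """Handle an inbound SYN; True means a SYN-ACK is sent and state is kept."""
        self.reap(now_ms)
        from_peer = sum(1 for k in self.entries if k[0] == src)
        if self.per_peer_cap is not None and from_peer >= self.per_peer_cap:
            self.dropped += 1          # SYN ignored: this peer has too many pending handshakes
            return False
        if len(self.entries) >= self.max_entries:
            self.dropped += 1          # table full: the "exhausted the memory" state
            return False
        self.entries[(src, sport, dport)] = now_ms
        return True

def simulate_port_scan(table: HalfOpenTable, src: str = "192.0.2.10",
                       n_ports: int = 1024, interval_ms: int = 5) -> dict:
    """One SYN per port from a single scanner; the handshake is never completed."""
    exhausted_at = None
    for i in range(n_ports):
        port, now_ms = i + 1, i * interval_ms
        accepted = table.on_syn(src, 40000 + i, port, now_ms)
        if not accepted and exhausted_at is None and len(table.entries) >= table.max_entries:
            exhausted_at = port        # first port whose SYN found the table full
    return {"half_open": len(table.entries), "dropped": table.dropped,
            "exhausted_at_port": exhausted_at}
```

With a 512-entry budget, the buggy table is full after 512 ports and every later SYN is lost, while the hardened table never fills: it keeps at most 64 entries from the scanner and recycles them as they time out.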