Endura NSM5200 may stop functioning to perform playback when performing a network vulnerability scan.

Issue

When performing a network vulnerability scan on an Endura system the NSM5200 may stop functioning to perform playback.

Product Line

Pelco Video Management

Environment

Endura NSM5200 02.03.00 and below.

Cause

The analysis we have thus far suggests that we have a compatibility problem between the workload that the NSM5200 is designed to accommodate and the extra load induced by some vulnerability scan tools. The NSM5200, nor the rest of the Endura components were designed to accommodate run-time scans for vulnerability or virus protection. The system was designed for a consistent, 24/7/365 duty cycle and runs into software thread conflicts when a foreign application asks for or consumes resources.

Resolution

note: This issue has been resolved in NSM Release Version 02.03.01.0259 (Release Notes); See Lessons Learned Article #12660 for important stability information prior to updating.

To recover from this occurrence it will be necessary to reboot the NSM5200. To prevent it from occurring again we encourage installations to implement network safeguards at the network level and avoid running virus or vulnerability scans on the components themselves.

To determine if you have this problem perform the following tasks:

  1. Review the messages log file located in /var/log of the NSM5200 or obtainable via the 'Get log files...' device macro in Endura Utilities.
  2. Look for messages within the same time frame when the vulnerability scanner was run that reads similar to 
    • nsddevice: CO: Unable to access CDB -- Skipping resource sync
    • nspdevice: DM: Received notification for unknown observable object
    • sshd[9353]: Did not receive identification string from 192.168.1.10.  Note: 192.168.1.10 will be the IP address of the vulnerability scanner.

      This issue will also include a segmentation fault by the networkconfig service as well. To check for this, follow the procedure below.
       
  3. SSH into the NSM5200 in question
  4. Type nsterm and press enter. 
  5. Type find and press enter.
  6. Locate the networkconfig service associated with this NSM5200 and then type the number listed in the far left ### column followed by enter.
  7. While in the networkconfig screen, run the vulnerability scanner and watch for the error message Segmentation fault to display followed by the networkconfig screen exiting.
  8. If the Segmentation fault message does not appear, the screen will not close automatically.  To close, type exit and press enter.  At this point, the linux command prompt will reappear on the screen and the SSH session can be closed.