Re: Security Issues with Ascend Routing Hardware, fix

Ed Miller (no email)
Wed, 18 Mar 1998 08:55:14 -0500

Josh, thanks for the info.

>Security Issues with Ascend Routing Hardware
>http://www.secnet.com/sni-advisories/sni-26.ascendrouter.advisory.html
>
>If someone runs this program, pointing it to a Max (I think Pipelines,
>too), the Max will reset with a Fatal Error. I don't think it makes a
>difference what operating system version you're using.
>We tested it on one of our Maxes and sure enough, it worked:
>
> FATAL ERROR: Index: 1 Load: tm.m40 Revision: 6.0.0
> Date: 03/17/1998. Time: 10:27:58
> Location: b013b5f4 b013d1b4 b013ca08 b001cc48 b001f22c b0071428
>
>The Max boots back up in about 2 minutes and all settings are still intact.
>
>My partner here set up a filter in our Maxes to prevent attacks from
>incoming traffic across the net and afterward, the attack had no effect.
>We haven't experimented with our Pipeline 50s yet...
>
>--
>The following is how to set up the filter to block UDP traffic to port 9
>on the Ascend boxes. The only thing this will break that I am aware of is
>the Ascend Java Configurator, but nobody seems to use that anyway.
>
>Go to:
>
>Ethernet --> Filters --> IP Call --> Input Filters
>
>Edit "In filter 12" and give it the following settings:
>
>Valid=Yes
>Type=Generic
> Generic...
> Forward=Yes
>
>If you don't do the above, it will block all network traffic through your
>Max.
>
>Edit "In filter 01" and give it the following settings:
>
>Valid=Yes
>Type=IP
> IP...
> Forward=No
> Src Mask=0.0.0.0
> Src Adrs=0.0.0.0
> Dst Mask=255.255.255.255
> Dst Adrs=(your Max IP address)
> Protocol=17
> Src Port Cmp=Eql
> Src Port #=9
> Dst Port Cmp=Eql
> Dst Port #=9
> TCP Estab=N/A
>
>Then go to:
>
>Ethernet --> Mod Config --> Ether Options
>
> change the Filter to 1
>
>All of this is assuming you are not currently using any filters in your
>Max.
>
>You also might want to try it out on dial-in connections (since the
>Maxes can filter on both ethernet and dial-in) since users can try
>this on other people.
>
>Adam Rinn
>TalStar Communications
>--
>Josh Hillman
>hillman@talstar.com
>
> ----------------------------------------------------------
> NTISP Mailing List listserver@emerald.iea.com
>
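
Added example, not part of the original message and not Ascend code: a small Python model of the quoted "In filter 01" / "In filter 12" pair, showing which packets the filter drops and why the pass-all entry in slot 12 is needed. The evaluation order, the implicit discard and the match-all behaviour of an empty Generic rule are assumptions taken from the message's own description; `MAX_IP`, `build_filter` and `evaluate` are hypothetical names, and the addresses are documentation placeholders.

```python
"""Model of the "In filter 01" / "In filter 12" pair from the message above.
Assumed semantics: rules are checked in slot order, the first match decides,
and a packet matching no rule is dropped once a filter is applied."""
import ipaddress
from dataclasses import dataclass

UDP = 17  # "Protocol=17"

@dataclass
class Packet:  # constructed sample traffic, not a capture
    dst: str   # Src Mask=0.0.0.0 matches any source, so source is not modeled
    proto: int
    sport: int = 0
    dport: int = 0

@dataclass
class Rule:
    forward: bool
    kind: str = "Generic"      # empty Generic rule: assumed to match everything
    dst_mask: str = "0.0.0.0"
    dst_adrs: str = "0.0.0.0"
    proto: int = 0
    sport: int = 0
    dport: int = 0

    def matches(self, p: Packet) -> bool:
        if self.kind == "Generic":
            return True
        mask = int(ipaddress.IPv4Address(self.dst_mask))
        same_dst = (int(ipaddress.IPv4Address(p.dst)) & mask) == (
            int(ipaddress.IPv4Address(self.dst_adrs)) & mask)
        return (same_dst and p.proto == self.proto
                and p.sport == self.sport and p.dport == self.dport)

def build_filter(max_ip: str, pass_all: bool = True) -> dict:
    """Slot 01 drops UDP 9 -> 9 addressed to the Max; slot 12 forwards the rest."""
    rules = {1: Rule(False, "IP", "255.255.255.255", max_ip, UDP, 9, 9)}
    if pass_all:
        rules[12] = Rule(True)
    return rules

def evaluate(rules: dict, p: Packet) -> str:
    for slot in sorted(rules):
        if rules[slot].matches(p):
            return "forward" if rules[slot].forward else "drop"
    return "drop"  # assumed implicit discard when nothing matches

MAX_IP = "192.0.2.1"  # placeholder for "(your Max IP address)"
if __name__ == "__main__":
    for pkt in (Packet(MAX_IP, UDP, 9, 9), Packet(MAX_IP, 6, 1025, 23),
                Packet("192.0.2.50", UDP, 9, 9)):
        print(pkt, evaluate(build_filter(MAX_IP), pkt))
```

Because Dst Mask is 255.255.255.255, the model drops only traffic addressed to the Max itself; the same UDP packet sent to another host behind it is forwarded by slot 12.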