Ascend Archive

RE: (ASCEND) Ascend DoS attack



Joe,
	You need to turn "pool only" on.  It is in Ethernet > Mod Config > Wan Options > Pool Only = Yes.

			Chris

=-=-=-=-=-=-=-=-=-=-=
Chris R. Fairbanks
Network Engineer

WinterLAN, Inc.
2910 Telegraph Ave.
Berkeley, CA 94705
Voice +1.510.486.1812
Fax   +1.510.486.1796
http://www.wli.net/



> -----Original Message-----
> From:	Joe Shaw [SMTP:jshaw@insync.net]
> Sent:	Friday, June 27, 1997 10:07 AM
> To:	ascend-users@max.bungi.com
> Subject:	(ASCEND) Ascend DoS attack
> 
> Problem:
> Recently, we noticed a problem in Ascend's microcode for the Ascend MAX
> 4000 that allowed any user to request any IP address they wanted.  This
> problem surfaced in the 4.x versions of code, works on 5.0Ap8, and
> probably works on most of the versions of Ascend software.
> It was fixed originally some time ago (or at least that's what I was led to
> believe by Ascend), but the problem resurfaced recently.  It will work,
> even if you have such things as Assign Adrs and Pool Only set to yes.
> 
> The problem can be duplicated by just making your settings in Windows
> Dial-Up Networking say Specify IP Address, and then setting it to the IP
> address of a machine on the network you're connecting to.  Once connected,
> I telnetted from another machine to our router, and sure enough, when I did
> a show ip route xxx.xxx.xxx.xxx, it showed that it was being broadcast via
> OSPF from one of our MAXen, instead of being connected directly to FDDI0.
> I assumed I couldn't get out to the network, but in attempting to telnet
> out from the dialin box, I got to our core Cisco and the other machines on
> our network.
> 
> Possibilities:
> The ability to take any IP address means that a dialin user can take the
> IP address of a DNS server, a router, anything with an IP address.  In
> some instances (where proxy mode is enabled on the MAX) you will be able
> to still route to some machines, while not being able to get to others
> (this depends on the network setup).  Also, it's possible to take the IP
> address of one machine by simply dialing up, and while doing so, you could
> possibly rcp over a password file or any other file you wanted to as long
> as the IP address of the machine is trusted.  This makes any service that
> works strictly off of authentication of IP address extremely vulnerable.
> You could take over DNS services, grab passwords for people checking POP
> mail, and anything else you can think of.
> 
> Solution:
> After some poking around, I upgraded all the MAXen to the latest
> version (5.0Ap13), which seems to have fixed the problem.  I know most
> Ascend users are leery of doing this, since features are fixed, then
> broken in later versions of code.  But, 5.0Ap13 has been working since the
> beginning of this week and has proven to be stable doing multi-chassis
> stacking and OSPF.
> 
> Sidenotes:
> I don't know if this will work on the MAX TNT, but I'm fairly sure it will
> work on the MAX4002, MAX4004, MAX4048, and MAX4072.  If you have one of
> these units, I'd test and make sure, and if you're vulnerable, get the
> latest version of code off ftp.ascend.com.
> 
> Joe Shaw - jshaw@insync.net
> NetAdmin - Insync Internet Services
> Learn more, and you will never starve.
> 
> ++ Ascend Users Mailing List ++
> To unsubscribe:	send unsubscribe to
> ascend-users-request@bungi.com
> To get FAQ'd:	<http://www.shore.net/~dreaming/ascend-faq>
> or		<ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
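The behaviour Joe reports (a dial-in peer proposing its own address and the MAX honouring it despite Pool Only) and Chris's fix, shown as an added example that is not from this thread or from Ascend: the check an access server should apply to a peer-proposed address when Pool Only is on, plus an audit that flags live sessions holding an address outside the pool. The pool range, the session records and the ack/nak framing of PPP IP negotiation are assumptions, not Ascend's code.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed pool: 10.20.30.1 - 10.20.30.8 (not a real deployment).
POOL_START = ipaddress.IPv4Address("10.20.30.1")
POOL_SIZE = 8
POOL = {POOL_START + i for i in range(POOL_SIZE)}


@dataclass
class IpcpResult:
    action: str   # "ack": peer's proposal accepted; "nak": replaced by a pool address
    address: str  # the address the session ends up with


def negotiate_address(requested: Optional[str], in_use: Set[str]) -> IpcpResult:
    """Pool-only policy for a peer-proposed address (assumed model of the
    PPP IP negotiation step Dial-Up Networking's "Specify IP Address" drives).

    A proposal is acked only if it is a free pool address.  Anything else,
    including the case in the thread (an address belonging to another host
    on the LAN), is nak'd with the next free pool address.
    """
    in_use_addrs = {ipaddress.IPv4Address(a) for a in in_use}
    free = sorted(POOL - in_use_addrs)
    if not free:
        raise RuntimeError("address pool exhausted")
    if requested is not None:
        addr = ipaddress.IPv4Address(requested)
        if addr in POOL and addr not in in_use_addrs:
            return IpcpResult("ack", str(addr))
    return IpcpResult("nak", str(free[0]))


def audit_sessions(records: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Flag active sessions whose address is outside the pool, i.e. the
    symptom Joe saw in the routing table.  Each record is (user, address),
    as one would pull from RADIUS accounting or the MAX's session list."""
    return [(user, addr) for user, addr in records
            if ipaddress.IPv4Address(addr) not in POOL]
```

A session that shows up in the audit while Pool Only is set is the signal to check the firmware level, as the thread describes.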