Ascend Archive

Re: (ASCEND) Ascend DoS attack





 I tried this on 5.0AP8, and 5.0AP5. I'm going to look into it further
tonight, but everything I tried, the MAX turned me down when I tried
to specify an IP address.

Jason


On Sat, 28 Jun 1997, Joe  Shaw wrote:

> Might have been a problem with OSPF (lately I've noticed it to be getting
> flaky again) on the MAXen, but I'm not sure.  I don't have the luxury of
> being able to test this, since I have very little test equipment.  
> 
> BTW, what version of the code did you test this on?
> 
> Joe Shaw - jshaw@insync.net
> NetAdmin - Insync Internet Services
> "Learn more, and you will never starve." - Paraphrase of Lee
> 
> On Sat, 28 Jun 1997, Jason Nealis wrote:
> 
> > 
> > 
> > Ok, this did not work in my environment. We run RIP and straight
> > IP here, and I repeatedly tried to get the MAX to accept my IP address
> > and it kept assigning my IPs outta the pool.
> > 
> > This was with the K56 card support load also, so I believe that would
> > make it tik.m40, 4004 boxes.
> > 
> > Jason Nealis
> > Erols Internet
> > 
> > 
> > On Thu, 26 Jun 1997, Joe Shaw wrote:
> > 
> > > Problem:
> > > Recently, we noticed a problem in Ascend's microcode for the Ascend MAX
> > > 4000 that allowed any user to request any IP address they wanted.  This
> > > problem surfaced in the 4.x versions of code, works on 5.0Ap8, and
> > > probably works on most of the versions of Ascend software.
> > > It was fixed originally some time ago (or at least that's what I was led to
> > > believe by Ascend), but the problem resurfaced recently.  It will work,
> > > even if you have such things as Assign Adrs and Pool only set to yes.
> > > 
> > > The problem can be duplicated by just making your settings in Windows
> > > Dialup Networking say Specify IP Address, and then setting it to the IP
> > > address of a machine on the network you're connecting to.  Once connected,
> > > I telnetted from another machine to our router, and sure enough, when I did
> > > a show ip route xxx.xxx.xxx.xxx, it showed that it was being broadcast via
> > > OSPF from one of our MAXen, instead of being connected directly to FDDI0.
> > > I assumed I couldn't get out to the network, but in attempting to telnet
> > > out from the dialin box, I got to our core cisco and the other machines on
> > > our network.
> > > 
> > > Possibilities:
> > > The ability to take any IP address means that a dialin user can take the
> > > IP address of a DNS server, a router, anything with an IP address.  In
> > > some instances (where proxy mode is enabled on the MAX) you will be able
> > > to still route to some machines, while not being able to get to others
> > > (this depends on the network setup).  Also, it's possible to take the IP
> > > address of one machine by simply dialing up, and while doing so, you could
> > > possibly rcp over a password file or any other file you wanted to as long
> > > as the IP address of the machine is trusted.  This makes any service that
> > > works strictly off of authentication of IP address extremely vulnerable.
> > > You could take over DNS services, grab passwords for people checking POP
> > > mail, and anything else you can think of.
> > > 
> > > Solution:
> > > After some poking around, I upgraded all the MAXen to the latest
> > > version (5.0Ap13), which seems to have fixed the problem.  I know most
> > > Ascend users are leery of doing this, since features are fixed, then
> > > broken in later versions of code.  But, 5.0Ap13 has been working since the
> > > beginning of this week and has proven to be stable doing multi-chassis
> > > stacking and OSPF.
> > > 
> > > Sidenotes:
> > > I don't know if this will work on the MAX TNT, but I'm fairly sure it will
> > > work on the MAX4002, MAX4004, MAX4048, and MAX4072.  If you have one of
> > > these units, I'd test and make sure, and if you're vulnerable, get the
> > > latest version of code off ftp.ascend.com.
> > > 
> > > Joe Shaw - jshaw@insync.net
> > > NetAdmin - Insync Internet Services
> > > Learn more, and you will never starve.
> > > 
> > > ++ Ascend Users Mailing List ++
> > > To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
> > > To get FAQ'd:	<http://www.shore.net/~dreaming/ascend-faq>
> > > or		<ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
> > > 
> > 
> > 
> 

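The thread's core issue is a NAS handing a dial-in session whatever address the caller proposes at IPCP time, even when the box is configured to assign only from its pool. The following is an added example, not code from the thread or from Ascend: a small model of the address decision a NAS should make, plus a check over constructed RADIUS-style accounting records that flags sessions whose assigned address lies outside the pool (the pool, the protected host addresses and the record format are all hypothetical values constructed for the example).

```python
import ipaddress
import re

# Hypothetical site values (constructed for this example): the pool the NAS
# hands out to dial-in users, and addresses that must never be held by a
# dial-in session (DNS server, core router, the router's LAN interface).
POOL = ipaddress.ip_network("10.20.30.0/24")
PROTECTED = {ipaddress.ip_address(a) for a in ("10.20.1.53", "10.20.1.1", "10.20.1.2")}


def negotiate_address(client_proposed, pool_only, next_pool_address):
    """Model of the IPCP address decision a NAS should make.

    With pool_only set (the 'Pool only' behaviour the thread describes as
    expected), a caller-proposed address is ignored and the next pool address
    is handed out. Without pool_only, the proposal is still refused when it is
    outside the pool or belongs to a protected host.
    """
    proposed = ipaddress.ip_address(client_proposed) if client_proposed else None
    if pool_only or proposed is None:
        return next_pool_address
    if proposed not in POOL or proposed in PROTECTED:
        return next_pool_address
    return str(proposed)


# Constructed RADIUS-style accounting records (not real NAS or server output).
ACCOUNTING = """\
User-Name=alice Framed-IP-Address=10.20.30.17 NAS-Port=3
User-Name=bob Framed-IP-Address=10.20.1.53 NAS-Port=7
User-Name=carol Framed-IP-Address=10.20.30.42 NAS-Port=9
User-Name=dave Framed-IP-Address=10.20.1.1 NAS-Port=12
"""

RECORD_RE = re.compile(r"User-Name=(\S+) Framed-IP-Address=(\S+) NAS-Port=(\d+)")


def find_spoofed_sessions(records):
    """Flag sessions whose assigned address is outside the dial-in pool.

    Any such session means the NAS accepted a caller-supplied address; one
    that lands on a protected host is the case the thread warns about.
    """
    hits = []
    for line in records.splitlines():
        m = RECORD_RE.search(line)
        if not m:
            continue
        user, addr, port = m.group(1), ipaddress.ip_address(m.group(2)), int(m.group(3))
        if addr not in POOL:
            severity = "critical" if addr in PROTECTED else "warning"
            hits.append((user, str(addr), port, severity))
    return hits
```

Running `find_spoofed_sessions(ACCOUNTING)` on the constructed records returns the two sessions that took infrastructure addresses; the same check fits naturally in a RADIUS accounting post-processor.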

