Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (ASCEND) Ascend DoS attack



Then I would most likely believe that it's an OSPF problem that existed
before 5.0Ap13.  I'll downgrade one of our maxen to 5.0ap8 again, and turn
it to do rip instead of OSPF.  One question, are you running rip1 or rip2?
We recently switched back to rip2 because OSPF started flaking out again
(still not sure if it's the MAX or another piece of hardware).  Also, I'm
interested to see if it's something limited to our network setup.  We've
got a dual FDDI ring, and our maxen terminate into a fddi/ethernet switch.
I released the bug to bugtraq, and subsequently the ascend list to see if
anyone else experienced the problem.  So far, I've gotten very little
feedback from people, but so far, no one else has been able to reproduce
the bug.  Interesting...

Joe Shaw - jshaw@insync.net
NetAdmin - Insync Internet Services
"Learn more, and you will never starve." - Paraphrase of Lee

On Sun, 29 Jun 1997, Jason Nealis wrote:

> 
> 
>  I tried this on 5.0AP8, and 5.0AP5. I'm going to look into it further
> tonight, but everything I tried the MAX turned me down when I tried
> to specify a IP address.
> 
> Jason
> 
> 
> On Sat, 28 Jun 1997, Joe  Shaw wrote:
> 
> > Might have been a problem with OSPF (lately I've noticed it to be getting
> > flaky again) on the MAXen, but I'm not sure.  I don't have the luxury of
> > being able to test this, since I have very little test equipment.  
> > 
> > BTW, what version of the code did you test this on?
> > 
> > Joe Shaw - jshaw@insync.net
> > NetAdmin - Insync Internet Services
> > "Learn more, and you will never starve." - Paraphrase of Lee
> > 
> > On Sat, 28 Jun 1997, Jason Nealis wrote:
> > 
> > > 
> > > 
> > > Ok, This did not work in my enviroment, We Run rip and straight
> > > IP here, And I repeatedly tried to get the MAX to accept my IP address
> > > and it kept assigning my IP's outta the pool.
> > > 
> > > This was with the K56 Card support load also, so I believe that would
> > > make it tik.m40, 4004 boxes, 
> > > 
> > > Jason Nealis
> > > Erols Internet
> > > 
> > > 
> > > On Thu, 26 Jun 1997, Joe Shaw wrote:
> > > 
> > > > Problem:
> > > > Recently, we noticed a problem in Ascends microcode for the Ascend MAX
> > > > 4000 that allowed any user to request any IP address they wanted.  This
> > > > problem surfaced in the 4.x versions of code, works on 5.0Ap8, and
> > > > probably works on most of the versions of Ascend software.
> > > > It was fixed originally some time ago (or at least thats what I was led to
> > > > believe by Ascend), but the problem resurfaced recently.  It will work,
> > > > even if you have such things as Assign Adrs and Pool only set to yes.
> > > > 
> > > > The problem can be duplicated by just making your settings in windows
> > > > Dialup Networking say Specify IP Address, and then setting it to the ip
> > > > address of a machine on the network you're connecting to.  Once connected,
> > > > I telneted from another machine to our router, and sure enough, when I did
> > > > a show ip route xxx.xxx.xxx.xxx, it showed that it was being broadcast via
> > > > OSPF from one of our MAXen, instead of being connected directly to FDDI0.
> > > > I assumed I couldn't get out to the network, but in attempting to telnet
> > > > out from the dialin box, I got to our core cisco and the other machines on
> > > > our network.
> > > > 
> > > > Possibilities:
> > > > The ability to take any IP address means that a dialin user can take the
> > > > IP address of a DNS server, a router, anything with an IP address.  In
> > > > some instances (where proxy mode is enabled on the MAX) you will be able
> > > > to still route to some machines, while not being able to get to others
> > > > (this depends on the network setup).  Also, it's possible to take the IP
> > > > address of one machine by simply dialing up, and while doing so, you could
> > > > possibly rcp over a password file or any other file you wanted to as long
> > > > as the ip address of the machine is trusted.  This makes any service that
> > > > works strictly off of authenticatino of IP address extremely vulnerable.
> > > > You could take over DNS services, grab passwords for people checking pop
> > > > mail, and anything else you can think of.
> > > > 
> > > > Solution:
> > > > After some poking around, I upgraded all the MAXen to the latest
> > > > version (5.0Ap13), which seems to have fixed the problem.  I know most
> > > > Ascend users are leary of doing this, since features are fixed, then
> > > > broken in later versions of code.  But, 5.0Ap13 has been working since the
> > > > begining of this week and has proven to be stable doing multi-chasis
> > > > stacking and OSPF.
> > > > 
> > > > Sidenotes:
> > > > I don't know if this will work on the MAX TNT, but I'm fairly sure it will
> > > > work on the MAX4002, MAX4004, MAX4048, and MAX4072.  If you have one of
> > > > these units, I'd test and make sure, and if you're vulnerable, get the
> > > > latest version of code off ftp.ascend.com.
> > > > 
> > > > Joe Shaw - jshaw@insync.net
> > > > NetAdmin - Insync Internet Services
> > > > Learn more, and you will never starve.
> > > > 
> > > > ++ Ascend Users Mailing List ++
> > > > To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
> > > > To get FAQ'd:	<http://www.shore.net/~dreaming/ascend-faq>
> > > > or		<ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
> > > > 
> > > 
> > > 
> > 
> 
> 

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.shore.net/~dreaming/ascend-faq>
or		<ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>


Follow-Ups: References: