Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(ASCEND) SNMP attack to kill router (P75)



Does anybody know of a bug or something that allows an outside
attacker to kill a Pipeline 75?

Our P75 is running a PERM/SWITCHED connection to our ISP running
5.0Ap7 and Secure Access Firewall.

The SNMP communities have both been changed from the default and SNMP
is not permitted across the firewall.  The firewall is external.

But, consistently I have seen where somebody on the outside is
scanning our entire network using SNMP for 'public'...scanning from
255 down....and a bit more than half way through it appears that the
router reboots, but has trouble reestablishing the session (connects,
lots of CRC errors and then hangup.....)

Is there any significance that the trace dump has '<142>ASCEND' at
the beginning sometimes?

-- 
 Lawrence Chen, P.Eng.          "The Dreamer"               VE6LKC/VE6PAQ
 Computer/Research Engineer                 Email: lawrence@combdyn.com
 Combustion Dynamics Ltd.                   Phone: +1 403 529 2162
 #203, 132 4th Avenue S.E.                    Fax: +1 403 529 2516
 Medicine Hat, AB  T1A 8B5                    URL: http://www.combdyn.com
  "Just a Crazy Engineer with an Amiga and a Newton MP130" - The Dreamer
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.shore.net/~dreaming/ascend-faq>
or		<ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>