Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) Ascend DoS attack
Ok, This did not work in my enviroment, We Run rip and straight
IP here, And I repeatedly tried to get the MAX to accept my IP address
and it kept assigning my IP's outta the pool.
This was with the K56 Card support load also, so I believe that would
make it tik.m40, 4004 boxes,
Jason Nealis
Erols Internet
On Thu, 26 Jun 1997, Joe Shaw wrote:
> Problem:
> Recently, we noticed a problem in Ascends microcode for the Ascend MAX
> 4000 that allowed any user to request any IP address they wanted. This
> problem surfaced in the 4.x versions of code, works on 5.0Ap8, and
> probably works on most of the versions of Ascend software.
> It was fixed originally some time ago (or at least thats what I was led to
> believe by Ascend), but the problem resurfaced recently. It will work,
> even if you have such things as Assign Adrs and Pool only set to yes.
>
> The problem can be duplicated by just making your settings in windows
> Dialup Networking say Specify IP Address, and then setting it to the ip
> address of a machine on the network you're connecting to. Once connected,
> I telneted from another machine to our router, and sure enough, when I did
> a show ip route xxx.xxx.xxx.xxx, it showed that it was being broadcast via
> OSPF from one of our MAXen, instead of being connected directly to FDDI0.
> I assumed I couldn't get out to the network, but in attempting to telnet
> out from the dialin box, I got to our core cisco and the other machines on
> our network.
>
> Possibilities:
> The ability to take any IP address means that a dialin user can take the
> IP address of a DNS server, a router, anything with an IP address. In
> some instances (where proxy mode is enabled on the MAX) you will be able
> to still route to some machines, while not being able to get to others
> (this depends on the network setup). Also, it's possible to take the IP
> address of one machine by simply dialing up, and while doing so, you could
> possibly rcp over a password file or any other file you wanted to as long
> as the ip address of the machine is trusted. This makes any service that
> works strictly off of authenticatino of IP address extremely vulnerable.
> You could take over DNS services, grab passwords for people checking pop
> mail, and anything else you can think of.
>
> Solution:
> After some poking around, I upgraded all the MAXen to the latest
> version (5.0Ap13), which seems to have fixed the problem. I know most
> Ascend users are leary of doing this, since features are fixed, then
> broken in later versions of code. But, 5.0Ap13 has been working since the
> begining of this week and has proven to be stable doing multi-chasis
> stacking and OSPF.
>
> Sidenotes:
> I don't know if this will work on the MAX TNT, but I'm fairly sure it will
> work on the MAX4002, MAX4004, MAX4048, and MAX4072. If you have one of
> these units, I'd test and make sure, and if you're vulnerable, get the
> latest version of code off ftp.ascend.com.
>
> Joe Shaw - jshaw@insync.net
> NetAdmin - Insync Internet Services
> Learn more, and you will never starve.
>
> ++ Ascend Users Mailing List ++
> To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
> To get FAQ'd: <http://www.shore.net/~dreaming/ascend-faq>
> or <ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
>
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.shore.net/~dreaming/ascend-faq>
or <ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
Follow-Ups: