I tried this on 5.0AP8, and 5.0AP5. I'm going to look into it further
tonight, but everything I tried the MAX turned me down when I tried to
specify an IP address.

Jason

On Sat, 28 Jun 1997, Joe Shaw wrote:

> Might have been a problem with OSPF (lately I've noticed it to be getting
> flaky again) on the MAXen, but I'm not sure. I don't have the luxury of
> being able to test this, since I have very little test equipment.
>
> BTW, what version of the code did you test this on?
>
> Joe Shaw - jshaw@insync.net
> NetAdmin - Insync Internet Services
> "Learn more, and you will never starve." - Paraphrase of Lee
>
> On Sat, 28 Jun 1997, Jason Nealis wrote:
>
> >
> >
> > Ok, This did not work in my environment, We Run RIP and straight
> > IP here, And I repeatedly tried to get the MAX to accept my IP address
> > and it kept assigning my IP's outta the pool.
> >
> > This was with the K56 Card support load also, so I believe that would
> > make it tik.m40, 4004 boxes,
> >
> > Jason Nealis
> > Erols Internet
> >
> >
> > On Thu, 26 Jun 1997, Joe Shaw wrote:
> >
> > > Problem:
> > > Recently, we noticed a problem in Ascend's microcode for the Ascend MAX
> > > 4000 that allowed any user to request any IP address they wanted. This
> > > problem surfaced in the 4.x versions of code, works on 5.0Ap8, and
> > > probably works on most of the versions of Ascend software.
> > > It was fixed originally some time ago (or at least that's what I was led to
> > > believe by Ascend), but the problem resurfaced recently. It will work,
> > > even if you have such things as Assign Adrs and Pool only set to yes.
> > >
> > > The problem can be duplicated by just making your settings in Windows
> > > Dialup Networking say Specify IP Address, and then setting it to the ip
> > > address of a machine on the network you're connecting to.
> > > Once connected,
> > > I telneted from another machine to our router, and sure enough, when I did
> > > a show ip route xxx.xxx.xxx.xxx, it showed that it was being broadcast via
> > > OSPF from one of our MAXen, instead of being connected directly to FDDI0.
> > > I assumed I couldn't get out to the network, but in attempting to telnet
> > > out from the dialin box, I got to our core cisco and the other machines on
> > > our network.
> > >
> > > Possibilities:
> > > The ability to take any IP address means that a dialin user can take the
> > > IP address of a DNS server, a router, anything with an IP address. In
> > > some instances (where proxy mode is enabled on the MAX) you will be able
> > > to still route to some machines, while not being able to get to others
> > > (this depends on the network setup). Also, it's possible to take the IP
> > > address of one machine by simply dialing up, and while doing so, you could
> > > possibly rcp over a password file or any other file you wanted to as long
> > > as the ip address of the machine is trusted. This makes any service that
> > > works strictly off of authentication of IP address extremely vulnerable.
> > > You could take over DNS services, grab passwords for people checking pop
> > > mail, and anything else you can think of.
> > >
> > > Solution:
> > > After some poking around, I upgraded all the MAXen to the latest
> > > version (5.0Ap13), which seems to have fixed the problem. I know most
> > > Ascend users are leery of doing this, since features are fixed, then
> > > broken in later versions of code. But, 5.0Ap13 has been working since the
> > > beginning of this week and has proven to be stable doing multi-chassis
> > > stacking and OSPF.
> > >
> > > Sidenotes:
> > > I don't know if this will work on the MAX TNT, but I'm fairly sure it will
> > > work on the MAX4002, MAX4004, MAX4048, and MAX4072.
> > > If you have one of
> > > these units, I'd test and make sure, and if you're vulnerable, get the
> > > latest version of code off ftp.ascend.com.
> > >
> > > Joe Shaw - jshaw@insync.net
> > > NetAdmin - Insync Internet Services
> > > Learn more, and you will never starve.
> > >
> > > ++ Ascend Users Mailing List ++
> > > To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
> > > To get FAQ'd: <<A HREF="http://www.shore.net/~dreaming/ascend-faq">http://www.shore.net/~dreaming/ascend-faq</A>>
> > > or <<A HREF="ftp://ftp.shore.net/members/dreaming/ascend-faq.txt">ftp://ftp.shore.net/members/dreaming/ascend-faq.txt</A>>
> > >
> >
> >
>
</PRE>
<!--X-MsgBody-End-->
</BODY>
</HTML>