Re: (ASCEND) Feature Requests and Ascend?

To: Eric Wieling <eric@ccti.net>
Subject: Re: (ASCEND) Feature Requests and Ascend?
From: Marc Slemko <marcs@znep.com>
Date: Fri, 10 Oct 1997 11:00:31 -0600 (MDT)
cc: ascend-users@max.bungi.com
In-Reply-To: <19971010100343.55254@ccti.net>
Sender: owner-ascend-users@max.bungi.com

On Fri, 10 Oct 1997, Eric Wieling wrote:

> If someone wanted to "take down" UUNET's (or any other provider that
> uses a lot of Ascend Max's) dial-up network, I wonder if it would
> really be that easy.  Any one volunteering to try?  Those 3l33t d00ds
> on IRC are sure to try eventually.

It would if they had immediate modem enabled.  I would bet that very few
do.

The problem with this attack is that it is difficult to do without
using a real IP address.  That makes it easy to trace. 

OTOH, I haven't looked at how randomized the initial sequence number
generation on MAXes is.  If it is poor, it could well be possible
to do with forged source addresses.  Ascend's TCP code isn't overly
robust; doesn't normally matter since it is just routing.  I still
remember the cool bug where I could disconnect from a telnet session
to a MAX (even reboot the client the telnet connection came from),
then when I made another telnet connection from the same client it
would immediately drop me into the max where I was when I left--no
authentication, nothing.  I brought this up with Ascend once upon
a time, but they didn't seem to interested in trying to track it
down.  Since it isn't a huge security problem (only happens in rare
circumstances, incolving the same host making the connections and
a loss of network connectivity between the client and the MAX for
just the right time period.

> 
> There are a LOT of Black Hats out there.  Both MCSNet and ANet-Chi
> (two fairly large midwestern ISP's) were taken out for several hours
> within the past two weeks.  Both have at least 2 T-3's to different
> backbone providers.  EVERY DAY ISP's, both large and small suffer
> Denial of Service Attacks that cripple thier networks.  These attacks
> cost ISP's a lot of money.  They piss off customers, require staff to
> come into the NOC, degrade service, and take a lot of people's time.

Exactly.  And vendors have a responsibility to make their boxes 
resistent to such attacks.  It must be a basic part of any feature.

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Follow-Ups:

Re: (ASCEND) Feature Requests and Ascend?

From: Eric Wieling <eric@ccti.net>

References:

Re: (ASCEND) Feature Requests and Ascend?

From: Eric Wieling <eric@ccti.net>

Prev by Date: Re: (ASCEND) PPP Echo Failed with Macintosh Customers
Next by Date: (ASCEND) Re: PPP Echo Failed with Macintosh Customers
Prev by thread: Re: (ASCEND) Feature Requests and Ascend?
Next by thread: Re: (ASCEND) Feature Requests and Ascend?
Index(es):
- Main
- Thread