Re: protocol 191?

From: Ken Williams (jkwilli2at_private)
Date: Thu Jun 18 1998 - 11:31:15 PDT

Next message: SGI Security Coordinator: "IRIX mail(1)/rmail(1M)/sendmail(1M) Security Vulnerabilities"

Previous message: Phillip R. Jaenke: "Re: another remote pine vunerability"
Maybe in reply to: Il Oh: "protocol 191?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hi,

protocol 191 is commonly used on Ascend routers for the Prospero Directory
Service.  not used on any Cisco routers, as far as i know.  191 is used in
Sun environments for the Note Manager Object also, though.  i have done a
bit of research and have not found anything on vulnerabilities or exploits
related to protocol 191.  for reference, 191 is generally not used much
any more, with the two exceptions noted above.

regards,

Ken Williams

Packet Storm Security  http://www.Genocide2600.com/~tattooman/index.shtml
VP of E.H.A.P. Corp.   http://www.ehap.org/  ehapat_private
NC State Comp Sci Dept http://www4.ncsu.edu/~jkwilli2/
PGP DSS & RSA Keys:    http://www.genocide2600.com/cgi-bin/finger?tattooman

On Wed, 17 Jun 1998, Il Oh wrote:

>I've been looking over my cisco filter logs with a paranoid eye ever
>since named crashed on both my name servers.  It's actually been very
>educational.
>
>I saw something the other day that I haven't been able to get any
>information on.  It was a bunch of broadcast packets listed as protocol
>191.  RFC 1700 lists protocols 101-254 as "unassigned".
>
>There was a single broadcast packet for each of my class C networks.
>
>Does anyone have any information about this?
>
>Here are the entries from my log:
>
>Jun 10 00:41:21 shaft.wii.com 58878: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:22 shaft.wii.com 58879: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:23 shaft.wii.com 58880: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:24 shaft.wii.com 58881: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:25 shaft.wii.com 58882: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:25 shaft.wii.com 58883: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:27 shaft.wii.com 58884: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:27 shaft.wii.com 58885: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:29 shaft.wii.com 58886: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:29 shaft.wii.com 58887: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:31 shaft.wii.com 58888: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:32 shaft.wii.com 58889: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:34 shaft.wii.com 58890: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:35 shaft.wii.com 58891: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:36 shaft.wii.com 58892: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:38 shaft.wii.com 58894: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:41 shaft.wii.com 58895: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:42 shaft.wii.com 58896: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:44 shaft.wii.com 58897: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:44 shaft.wii.com 58898: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:45 shaft.wii.com 58899: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:46 shaft.wii.com 58900: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:47 shaft.wii.com 58901: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:49 shaft.wii.com 58902: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:49 shaft.wii.com 58903: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:50 shaft.wii.com 58904: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:51 shaft.wii.com 58905: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>Jun 10 00:41:53 shaft.wii.com 58906: %SEC-6-IPACCESSLOGNP: list 101 denied
>191 <source> -> <dest>, 1 packet
>

Next message: SGI Security Coordinator: "IRIX mail(1)/rmail(1M)/sendmail(1M) Security Vulnerabilities"
Previous message: Phillip R. Jaenke: "Re: another remote pine vunerability"
Maybe in reply to: Il Oh: "protocol 191?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:58:47 PDT