Novell has responded to the hacks NMRC has developed against Netware 4.x
and NDS. I thought I'd pass on a little of what they've stated.
Apparently the attacks that breach Packet Signature work, even against
recently patched Netware systems if the SET PACKET SIGNATURE LEVEL=3 line
in the AUTOEXEC.NCF is processed during during server boot AFTER Directory
Services loads.
If you can't use LEVEL=3 because of old equipment on your network, I
highly recommend you upgrade, otherwise at least set it to LEVEL=2 and put
it in the NCF file as stated above. This may not help at all, but I'd at
least consider it.
So for you folks out there protecting Netware servers, move the Packet
Signature line up to the very front of AUTOEXEC.NCF, or move it into the
STARTUP.NCF file. That and load the latest DS.NLM (which is at 5.99).
Anything before version 5.95 is vulnerable to the spoofing attacks. I've
breifly confirmed in NMRC labs that this appears to work.
Although they haven't put it out on the web yet, I hope they leave in the
part in their response where they slam Microsoft. Very Microsoftian to
turn a security response into a marketing plug, glad to see someone using
that tact against them for a change ;-)
For details check the Pandora section of the NMRC web site.
.o.
Simple Nomad .oOo. Data warrior, knowledge hunter/gatherer
www.nmrc.org .oOo. thegnomeat_private
.o.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:07:31 PDT