Andre M. Hedrick wrote:
>
> WRT "PowerChute" and "WebAgent",
>
> Words from "Ted Ives", APCC's software production manager of "PC" and "WA",
> there is no way for TCP access. PowerChute is not capable of doing
> network sharing protocols. I know this for a fact from conversations with
> Ted and Ken A., senior unix programmer. They use the UDP access through a
> SNMP port that can not be disclosed. As for granting of TCP access, you
> are required to run a remote webserver with "WebAgent" overlaid, somehow,
> to broadcast UPS status from "PowerChute" to that "remote webserver".
>
> Thus IMHO, there is no way for you to easily punch a hole in that security
> method, due to the difficulty in maintaining a UDP connection as an unlisted
> manager. Since the service port is below 2000, you run into the super
> user status limits.

I don't know if I understand you correctly, but the UDP broadcasts from upsd running on the system with the APCC plugged into it are not only easy to read, they are also easy to spoof. If one machine is relying on these UDP packets (e.g. shutting down if one comes in with an "on battery" for a certain period of time) this could be BAD. As far as I know, no one is that naive.

But the UDP ports that status requests and responses are sent on are 654[789]. An easy way to crash it is to send a spurious packet to 6549. My program earlier posted on BugTraq (downupsd.c) did this.

I have also written numerous programs that monitor UPSs from afar using this UDP status mechanism. I actually keep these running despite the security mechanisms (none of my machines depend on info from them AND no one that I know of has exploited to a root shell through this) in order to monitor building surges and wiring faults. (pretty nifty use and CHEAP when you compare the price of a few SmartUPSs you ALREADY own and hiring a professional to come in and hang out until something bad happens).

If anyone is interested in communications over UDP with the APCC upsd daemon write me personally, it has no place on BugTraq.

--
Theo Schlossnagle
Senior Systems Engineer
33131B65/2047/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7

DISCLAIMER: The spelling and grammar usage above does not reflect the intelligence of the author. A sendmail patch provides pre-delivery grammar and spelling mutation to reduce certain suspicions concerning the author's whereabouts and activities.

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:37 PDT