Re: Compaq/Microcom 6000 DoS + more

From: Shiloh Costa (costaat_private)
Date: Fri Aug 14 1998 - 09:39:20 PDT


    Enclosed is my open reply to Compaq/Microcom:
    
    ---------------------------------------------
    At 10:31 AM 14/08/98 -0500, you wrote:
    >
    >The Compaq 6000 has no security problems.
    
    Yes it does.
    
    >The problem is that ALEC does not know how to deny telnet to specific IP
    >addresses.
    
    No. The problem is that your username/password login process is poorly
    written.
    
    Did you read this? If so, please read it over 10 times, and then have
    someone else rephrase it for you:
    
    >   The denial of service problem is this: there is no timeout when typing
    >in the username and password - from what I have seen, a user can make a
    >telnet connection to the MNC or PRI card and leave the connection open
    >indefinitely. If the user only has one connection open, then this is not
    >problem. However, the system will not accept more than 4 telnet connections
    >at one time. Thus, a malicious user/hacker could open 4 telnet connections
    >to either (or both cards) and deny all legitimate connections to the card.
    >   The other problem is that the system does not close the connection after
    >a specified number of invalid login attempts. A program such as 'crack'
    >
    
    If I want to make 4 subsequent telnet sessions to the Login/Username
    prompt, it will stop the rightful owner from accessing the machine unless
    he power-cycles it. That is a denial of service.
    
    Also, the login and password attempts should time out if no data is
    received over a certain amount of time.
    
    Furthermore, after 3 incorrect password entries, it should reset and cause
    the person to re-telnet the box.
    
    This is standard with the Ascend Max product we use, as well as the
    Computone Powerrack we use.
    
    >That was the solution we gave him, he did not like it. Maybe it's too much
    >work.
    
    No, maybe it's not fixing the real issue, which is an improperly written
    Login/Password interface.
    
    >The above mentioned solution should be standard policy for any system
    >administrator that has internet access on his network. Not only for the
    >6000, but any servers or any communication equipment that is on a given
    >network.
    
    You're 100% wrong.
    
    >Jim Kerwin
    >COMPAQ - NAC
    >Networking Support Engineer
    >*E-Mail: James.Kerwinat_private
    
    Jim..
    
    Rather than cause further embarrassment to your company, please get
    engineering to put some modifications in the next kernel release.
    
    Shiloh Costa
    Senior System Administrator
    MDI Internet Inc.
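The three fixes the reply asks for (an idle timeout at the login prompt, dropping the session after three bad passwords, and reaping parked connections so that four idle sessions cannot hold every slot), sketched as an added example; this is not code from the original post or from any Compaq/Microcom firmware, and the 60-second timeout value and the credential store are assumptions made for the example.

```python
MAX_SESSIONS = 4       # the 6000 accepts at most 4 telnet sessions (from the post)
IDLE_TIMEOUT = 60.0    # assumed: seconds of silence tolerated at the login prompt
MAX_ATTEMPTS = 3       # drop the connection after 3 bad passwords (from the post)
CREDENTIALS = {"admin": "correct-horse"}   # constructed store for the example

class LoginSession:
    """One telnet session sitting at the username/password prompt."""
    def __init__(self, now):
        self.last_input, self.username, self.failures = now, None, 0
        self.state = "open"            # open -> authenticated | closed

    def idle_expired(self, now):
        return self.state == "open" and now - self.last_input > IDLE_TIMEOUT

    def feed(self, line, now):
        """Process one line typed at the prompt at time `now`; return the state."""
        if self.state != "open":
            return self.state
        if self.idle_expired(now):     # silent caller is cut off, freeing a slot
            self.state = "closed"
            return self.state
        self.last_input = now
        if self.username is None:      # at the username prompt
            self.username = line
        elif CREDENTIALS.get(self.username) == line:
            self.state = "authenticated"
        else:                          # bad password: back to the username prompt
            self.failures += 1
            self.username = None
            if self.failures >= MAX_ATTEMPTS:
                self.state = "closed"  # caller must reconnect, as the post asks
        return self.state

class LoginServer:
    """Tracks the telnet slots and reaps idle prompts before refusing a caller."""
    def __init__(self):
        self.sessions = []

    def reap(self, now):
        for s in self.sessions:
            if s.idle_expired(now):
                s.state = "closed"
        self.sessions = [s for s in self.sessions if s.state != "closed"]

    def accept(self, now):
        self.reap(now)
        if len(self.sessions) >= MAX_SESSIONS:   # every slot genuinely busy
            return None
        self.sessions.append(LoginSession(now))
        return self.sessions[-1]
```

Without `reap`, the first four callers to park at the prompt would hold the slots until a power cycle, which is exactly the denial of service described above.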
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:41 PDT