I'm forwarding this so that those not on the usr list can see an alternate workaround until it is fixed... Charles ---------- Forwarded message ---------- Date: Sat, 14 Aug 1999 00:39:36 -0500 (CDT) From: Tatai SV Krishnan <tkrishnaat_private> Reply-To: usr-tcat_private Cc: usr-tcat_private Subject: RE: (usr-tc) HiperARC - Dangerous HiperBomb The workaround for this problem is setting up telnet clients on the hiper arc and enabling telnet client access. This program all it does is tries to open tcp connections, so on the hiper arc do this add telnet client <ip address of single host or subnet that you want to allow access to the hiper arc via telnet> enable telnet cli This will tell the hiper arc to have access only from trusted hosts and this program will not cause any crash if some one tries to use it from different hosts. This hower is a work around only - We do understand that this is a serious issue and would come up with a fix. regards krish ----------------------------------------- \ T.S.V. Krishnan \ \ Network System Engineer \ ( : - : ) \ 3Com ............ \ ----------------------------------------------/ tkrishnaat_private ----------------------------/ http://interproc.ae.usr.com ----/ -------------------------------------------------------------------------\ Any Sufficiently advanced bug is indistinguishable for a feature. - Rick Kulawiec -------------------------------------------------------------------------/ On Sat, 14 Aug 1999, Marshall Morgan wrote: > But your own customers can still reboot them via dialup to that NAS. > > Marshall Morgan > > Internet Doorway, Inc. (aka NETDOOR) > > > -----Original Message----- > > From: owner-usr-tcat_private > > [mailto:owner-usr-tcat_private]On Behalf Of Rick > > Sent: Friday, August 13, 1999 10:07 PM > > To: usr-tcat_private > > Subject: Re: (usr-tc) HiperARC - Dangerous HiperBomb > > > > > > I can confirm this security-bug EXISTS. I compiled the source of > > hyper-nuke and > > did indeed reboot some of my arcs (4.1.59-6). > > > > As others have stated I would suggest implementing accesslists on > > your routers > > that deny all telnet (tcp-25) traffic to your arcs. > > > > > > Ed Taylor wrote: > > > > > For HiperBomb code check out: > > > > > > http://www.securityfocus.com/templates/archive.pike?list=1 > > > > > > It is very serious and reboots the HiperArc's from anywhere. > > > > > > Ed > > > > > > ---------- Original Message ---------------------------------- > > > From: "Jamie Orzechowski" <mhzat_private> > > > Reply-To: usr-tcat_private > > > Date: Fri, 13 Aug 1999 19:03:36 -0400 > > > > > > >Just reading my Securityfocus email list and attacked was a new "Remote > > > HiPER ARC nuking program" > > > > > > I have the source if anyone cares to have it ... > > > > > > ----- Original Message ----- > > > From: Jonathan Chapman <jchapmanat_private> > > > To: <BUGTRAQat_private> > > > Sent: Thursday, August 12, 1999 6:10 PM > > > Subject: 3com hiperarch flaw [hiperbomb.c] > > > > > > > Hello, > > > > > > > > The attached program will reboot a 3com HiperARC. I made an attempt to > > > > contact 3com before posting this report, however, I received no > > response. > > > > By flooding the telnet port of a 3com HiperARC using the > > provided program, > > > > the HiperARC unconditionally reboots. This program is > > effective over all > > > > interfaces, including a dialup. > > > > > > > > Regards, > > > > > > > > Jonathan Chapman > > > > Director of Network Security > > > > FIRST Incorporated > > > > jchapmanat_private www.1st.net > > > > > > - > > > To unsubscribe to usr-tc, send an email to "majordomoat_private" > > > with "unsubscribe usr-tc" in the body of the message. > > > For information on digests or retrieving files and old messages send > > > "help" to the same address. Do not use quotes in your message. > > > > > > - > > > To unsubscribe to usr-tc, send an email to "majordomoat_private" > > > with "unsubscribe usr-tc" in the body of the message. > > > For information on digests or retrieving files and old messages send > > > "help" to the same address. Do not use quotes in your message. > > > > -- > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > Rick Allan / rickat_private | Connect to a Backbone not a Wishbone > > Head of Network Engineering | Monmouth Internet Corporation > > 732-842-5366=====extension 102 | http://www.monmouth.com > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > > > > > - > > To unsubscribe to usr-tc, send an email to "majordomoat_private" > > with "unsubscribe usr-tc" in the body of the message. > > For information on digests or retrieving files and old messages send > > "help" to the same address. Do not use quotes in your message. > > > > > > - > To unsubscribe to usr-tc, send an email to "majordomoat_private" > with "unsubscribe usr-tc" in the body of the message. > For information on digests or retrieving files and old messages send > "help" to the same address. Do not use quotes in your message. > - To unsubscribe to usr-tc, send an email to "majordomoat_private" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:56:22 PDT