Re: 3com hiperarch flaw [hiperbomb.c]

From: Mike Wronski (mikeat_private)
Date: Mon Aug 16 1999 - 11:50:02 PDT


    3Com acknowledges and has verified the existence of the hiperbomb DOS attack. All
    HiPer ARC software (4.0 - 4.2.29) is vulnerable to the attack.  The following
    workaround will protect your equipment until the software patch becomes
    available. Defect is logged under 3Com MR#11022
    
    It is possible to add a telnet access list of trusted hosts on the HiPer ARC. It
    can be assumed that the attack will not come from a trusted host. It is also
    recommended that you do not allow any telnet sessions from outside your network.
    
    To add a telnet access list:
    
    1) add telnet clients. These clients may be individual hosts or networks.
    	"ADD TELNET CLIENT X.X.X.X"
    	"LIST TELNET CLIENTS" will list all configured clients
    
    2) Enable the telnet client access list feature.
    	"ENABLE TELNET CLIENT_ACCESS"
    
    A follow up post will be made when the patched code is made available.
    
    This workaround can also be found on the 3Com Knowledge Base (3KB) at
    http://knowledgebase.3com.com/ under document ID: 2.0.2107762.2279004
    
    ---------------------------------------------------------
    Mike Wronski (mikeat_private)
    Sr. 3Com Network Systems Engineer / BETA Engineer
    PGP:http://coredump.ae.usr.com/pgp
    
    |-----Original Message-----
    |From: Bugtraq List [mailto:BUGTRAQat_private]On Behalf Of
    |Jonathan Chapman
    |Sent: Thursday, August 12, 1999 5:11 PM
    |To: BUGTRAQat_private
    |Subject: 3com hiperarch flaw [hiperbomb.c]
    |
    |
    |Hello,
    |
    |The attached program will reboot a 3com HiperARC.  I made an attempt to
    |contact 3com before posting this report, however, I received no response.
    |By flooding the telnet port of a 3com HiperARC using the provided program,
    |the HiperARC unconditionally reboots.  This program is effective over all
    |interfaces, including a dialup.
    |
    |Regards,
    |
    |Jonathan Chapman
    |Director of Network Security
    |FIRST Incorporated
    |jchapmanat_private  www.1st.net
    |
    |
    


