Hello, As the Product Manager of the 3Com Office Connect Remote 812 and 840, I have the following response: It appears that both individuals posting on these products have not taken the opportunity to download the software patch for the OCR812 router software version 1.1.9. In responding to the specific points below, however, it is certainly possible to employ port filtering on the WAN interface for ports 23 and 53 if the customer desires, following the same methodology as the port 80 filter available on the 3Com web site (http://support.3com.com/infodeli/tools/remote/ocradsl/http_filtering.pdf). More to the point however, our customers have requested that these routers be managed remotely from the WAN by default. In most cases, they also employ another method supported on these products called access lists. Access lists will only allow ip addresses in the range configured to access the management interfaces. For details on Access Lists see the Command Line Interface manual available at: http://support.3com.com/infodeli/tools/remote/ocradsl/20/812_cli20.pdf Page 6-31 details how access lists are configured. I suggest that if access lists are used and used properly, the DoS issues below do not exist. The OCR840 never had a software version as indicated below. What version was this verified against? -Tom Kinahan Product Manager OCR812/OCR840/OCR612 > >----- Original Message ----- >"BugTraq" <BUGTRAQat_private> >Sent: Sunday, September 23, 2001 11:09 AM >Subject: Re: 3Com OfficeConnect 812/840 Router DoS exploit code >> // 3Com OfficeConnect 812/840 ADSL Router Denial of Service (maybe others) >Filtering port 80 on the WAN interface is enough to prevent this DoS. Port >53 UDP and port 23 telnet are also wide open by default. In fact, this is >(IMHO) a bad symptom of lack of care in security. >As another issue, 3com 812 ADSL routers do NAT. This is great since you plug >in up to 40 PCs and do not have to care very much about settings. However, >the TCP/IP stack of these routers shamelessly uses fixed-increment ISNs on >packets, thus making a connection hijack / spoofing attack fairly simple. >Since they do NAT, every outbound packet suffers of this "carelessness". >I hope that someone from 3com hears us here... since on their whole site >there is NO SECURITY CONTACT whatsoever. This is another bad sign for a >network hardware vendor. >Stefano "Raistlin" Zanero >System Administrator Gioco.Net >public PGP key block at http://gioco.net/pgpkeys >-------------------------------------------------------------------------------------------------------------------- >// 3Com OfficeConnect 812/840 ADSL Router Denial of Service (maybe others) >// security is weak >// Written pour sniffer <snifferat_private> >// Fri Sep 21 15:51:35 BRT 2001 >// Viva Brazil! >vulnerable > 3com OfficeConnect DSL Router 812 1.1.7 > 3com OfficeConnect DSL Router 840 1.1.7 > .---. .---------- Bruno Lacerda Ratnieks, > / \ __ / ------ Technical Comm Developer > / / \( )/ ----- Openweb Consultoria e Desen. > ////// ' \/ ` --- ««-»» > //// / // : : --- email: brunoat_private > // / / /` '-- mobile: (51) 983-665-40 >// //..\\ icq: 11111117 > ====UU====UU==== ««-»» > '//||\\`
This archive was generated by hypermail 2b30 : Mon Sep 24 2001 - 16:16:01 PDT