Hi, There is a flaw in many looking-glasses (most of them based on the nitrous-digex one ) which allows attackers to gather information about the network which is not intentionally provided through looking-glass functionality: It seems that the looking-glass (which is usually written in Perl) doesn't check the input properly for the validity of the input address. example: when clicking bgp, to check an address in the bgp table, the attacker can enter , instead of an ip address, the word "nei"(or neighbours) and all bgp neighbours will be fully visible. In fact, any valid argument in cisco IOS following sh ip bgp, can be entered. Another example: <sh ip bgp> paths gives the full path table. This puts some strain on routers and could be used to DOS the router if no proper access security is provided. Various other things can be done workaround: check for a "." in the input . This shouldn't be too hard to implement in the script :-) Haven't checked for traversal possibilities yet ;-) Barabas --------------------------------------------------------- Get Free Private Encrypted Email https://mail.lokmail.net Switch to Name.Space: http://namespace.org/switch
This archive was generated by hypermail 2b30 : Thu Oct 18 2001 - 08:59:10 PDT