Part II: Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router

From: Ismael Briones (ismael@el-mundo.net)
Date: Wed Jun 12 2002 - 10:17:11 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    
    TITLE: A more detailed description of 3Com® OfficeConnect® Remote 812 ADSL
    Router
    
    DESCRIPTION: A detailed description of the vulnerability, status and solutions.
    I am sending this mail to explain the real problem and the solutions to all the
    people who were interested in the bug.
    
    Thanks to all the people who have sent me an email with their experiences.
    
    PROBLEM SUMMARY:
    
            In the previous mail, I warned about a problem in PAT (Port 
    Address Translation) that can be used to access all ports on the computer 
    behind the router. educmat_private informed me about a feature called iNAT 
    or iPAT (Intelligent NAT/PAT. I think this should be called Stupid NAT/PAT).
            With this feature, when a connection is established from a computer 
    behind the router to a remote computer, the router redirects all the 
    connections from the remote computer to the computer that initiated the 
    connection behind the router, even if the ports aren't redirected with PAT.
            Somebody from 3Com Europe sent me a mail with the same explanation, 
    and quoted a text extracted from the 812CLI (Version 2.0) documentation (see 
    attachment). But iNAT/PAT really has a bug.
    
    BUG:
            When we try to connect to a port that is not redirected to a computer 
    behind the router using iPAT, there is no problem: the router doesn't allow 
    this connection. But if we first connect to a port redirected using iPAT and 
    immediately afterwards try to connect to any port not redirected using iPAT, the 
    router allows the successive connections to any port, redirecting the 
    connections to the internal computer. The problem exists with TCP and with 
    UDP. The problem exists when iPAT is enabled (it is enabled by default), and it 
    isn't a feature, it is a bug.
    A lot of people sent me mails saying that this is a feature called iNAT, but 
    iNAT isn't working as it should.
    
    SOLUTIONS:
    
            Disable iNAT/PAT (Caution: some programs, like NetMeeting, may not 
    work). There is an unofficial version of the firmware (version 2.1.2) at 
    http://www.adslnet.ws/ ( http://es.geocities.com/doelgroup/mr020102.zip ) 
    that seems not to have the bug. If somebody tries it, please let me 
    know.
    
    
    - -- 
    - --------------------------------------------------
    Ismael Briones Vilar		Mundinteractivos - El Mundo      
    Area de Internet		Pradillo, 42                     
    ismael@el-mundo.net		28002 - Madrid (SPAIN, EU)       
    http://www.elmundo.es/		Tel: (+34) 915864800 (Ext: 4615) 
    				Fax: (+34) 915864480
    - --------------------------------------------------
    GPG PubKey:
    fingerprint: 8FD8 1450 29AC 5B5F 4186  0417 B67A 978F 281C D54F
    http://pgp.rediris.es:11371/pks/lookup?op=get&search=0x281CD54F
    - --------------------------------------------------
    
    "This business is a living organism. It multiplies without cease,
    surrounded by predators. There is no room for idle time or hesitation.
    New discoveries flood us, new ideas, ready to be devoured,
    redefined. This business is binary. You are a one or a zero, you live or 
    you die...."
    					Gary Winston (AntiTrust)
    
    "Good artists copy, great artists steal."    
    		      Pablo Picasso
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org
    
    iD8DBQE9B4IatnqXjygc1U8RAu/QAKCfF8K299YHckLKa6MYVWHRORXFHwCfR+xy
    /fm65CLKYVDrz04gR1hFO34=
    =f5/8
    -----END PGP SIGNATURE-----
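The allow/deny behaviour the post describes can be written down as a small state model, which is a useful way for an administrator to state what a stateful PAT device is expected to do before checking a real one against it. The following Python is an added example, not code from the post or from 3Com: it models static PAT entries, the reply-path pinholes that iPAT opens for outbound flows, and, as a clearly labelled hypothetical, a defective variant in which a remote host that has once been forwarded keeps getting every later connection forwarded, whatever the port. The addresses, ports and the `Router`/`Packet` classes are constructed for the model; the real firmware's internals are not known from the post.

```python
"""Toy model of PAT plus iPAT pinholes, with a hypothetical defective variant
that reproduces the behaviour reported in the post. Not 3Com code; all hosts
and ports are constructed."""

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

INTERNAL_HOST = "192.168.1.10"   # constructed LAN host behind the router
REMOTE_HOST = "203.0.113.5"      # constructed remote host (documentation range)

PinholeKey = Tuple[str, str, int, int]   # (proto, remote ip, remote port, public port)


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_port: int   # port on the router's public address


@dataclass
class Router:
    buggy: bool = False
    # static PAT entries: public port -> internal host
    static_pat: Dict[int, str] = field(default_factory=dict)
    # iPAT pinholes opened by outbound flows: reply path only
    pinholes: Dict[PinholeKey, str] = field(default_factory=dict)
    # hypothetical defect state: remote hosts that were forwarded at least once
    sticky: Dict[str, str] = field(default_factory=dict)

    def outbound(self, proto: str, internal_host: str, local_port: int,
                 remote_ip: str, remote_port: int) -> None:
        """Internal host starts a flow; the model keeps the public port equal
        to the local port for brevity."""
        self.pinholes[(proto, remote_ip, remote_port, local_port)] = internal_host

    def inbound(self, pkt: Packet) -> Optional[str]:
        """Return the internal host a packet is forwarded to, or None if dropped."""
        target = self.static_pat.get(pkt.dst_port)
        if target is None:
            target = self.pinholes.get((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_port))
        if target is None and self.buggy:
            # Modelled defect (hypothetical): once a remote host has been forwarded,
            # every later connection from it is forwarded too, regardless of port.
            target = self.sticky.get(pkt.src_ip)
        if target is not None:
            self.sticky[pkt.src_ip] = target
        return target


def scenario(buggy: bool, proto: str = "tcp") -> List[Optional[str]]:
    """Replay the sequence from the post and return the forwarding decision
    for each inbound attempt (None means dropped)."""
    r = Router(buggy=buggy)
    results: List[Optional[str]] = []
    # 1. unsolicited connection to a port nobody redirected: must be dropped
    results.append(r.inbound(Packet(proto, REMOTE_HOST, 40000, 22)))
    # 2. internal host opens a flow to the remote host; iPAT opens the reply pinhole
    r.outbound(proto, INTERNAL_HOST, 4000, REMOTE_HOST, 80)
    # 3. reply traffic on the pinhole: forwarded in both models
    results.append(r.inbound(Packet(proto, REMOTE_HOST, 80, 4000)))
    # 4. immediately afterwards, the same remote host tries the non-redirected port
    results.append(r.inbound(Packet(proto, REMOTE_HOST, 40001, 22)))
    return results


def leaks_unredirected_ports(buggy: bool, proto: str = "tcp") -> bool:
    """True if step 4 reaches the internal host, i.e. the device forwards
    traffic outside its configured PAT entries and its pinhole state."""
    return scenario(buggy, proto)[-1] is not None


if __name__ == "__main__":
    for p in ("tcp", "udp"):
        print(p, "expected:", scenario(False, p), "defective:", scenario(True, p))
```

The correct model forwards only the reply flow it has state for; the defective model admits the later connection to port 22 for both TCP and UDP, which is exactly the observation the post reports. The same three-step expectation (drop, forward reply, drop again) is what a defender should verify on their own device after applying the vendor's fix or disabling iNAT/PAT.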
    


