-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Announce: Spanning Tree Algorithm and Protocols Family weakness & holes.
by Oleg Artemjev and Vladislav Myasnyankin

The latest text & materials of the project & this announcement may be found at http://olli.digger.org.ru/STP/. Currently only a magazine article & a draft "contents" of the entire project are available. Below is a slightly changed & reformatted text dump of the announcement.

- --------------------------------------DUMP------------------------------------

Announce: Spanning Tree Algorithm and Protocols Family weakness & holes
by Oleg Artemjev and Vladislav Myasnyankin

The Spanning Tree Algorithm, and thus all Spanning Tree Protocols supported by a large variety of hardware vendors [lots of them provide Spanning Tree support on their switches (commutators) & routers], contain many serious security vulnerabilities. A brief description of these vulnerabilities was published in the Russian magazine "LAN" (LAN, #1 2002; more info about the magazine can be obtained from http://www.osp.ru/lan/about/). According to the publication conditions, we can publish the full materials of our project two months after the magazine issue. Since the paper is written in Russian, it will first arrive in Russian & only then, later, we'll translate it into English (do you want to help us, huh?). This announcement may be incomplete; if there are conflicting differences, the Russian version is the right source. Also note: after we translate the text into English, it will first arrive in a paper magazine. The reason is simple: we prefer to get some feedback on our research work. If you're a publisher (non US only! [ see LICENSE ]), feel free to contact us (then remove "NOSPAM" before sending; it's simple antispam protection). We're looking for an English-speaking paper magazine to publish this information before it becomes available on the Internet.

We already notified some vendors (Cisco, Avaya) about these vulnerabilities, but the answer was along the lines of: "Unless this gives money we won't make investments". Well, since we're interested in a high level of security in the switches & routers we use, we have to publish our investigations, because that way we'll put some pressure on hardware vendors to implement real security in their devices.

As a complaint against trends to inhibit publication of security vulnerabilities in software (these tendencies are widely known to the public as the DMCA law in the U$ & the judicial prosecution against Sklyarov & ElcomSoft, also there), the announced materials will be published under the following licence:

- ------------------license text---------------------

License agreement.

This paper is the intellectual property of its authors: Oleg Artemjev and Vladislav Myasnyankin (hereinafter - writers). This paper may be freely used for links, but its content or any part of it cannot be translated into foreign languages or included into any paper, book, magazine, or other electronic or paper issue without prior WRITTEN permission of both writers. Moreover, in case of using materials of this research or referring to it, according to the given license you must provide complete information: full title, authorship and this license.

You can freely distribute this paper electronically, if, and only if, all of the following conditions are met:

1) This license agreement and article are not modified, including its PGP digital signature. Any reformatting of the text is prohibited.

2) The distribution does not contradict the given license. Distribution of this paper in countries with legislation containing limitations similar to the American DMCA contradicts the given license. Moreover, reading this paper by citizens of such a country violates both this license agreement and the law. Nevertheless, distribution of any links to this document is not a violation of the given license.

This paper is provided by the authors "as is" and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the writers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption).

Writers claim this article for educational purposes only. You should not read this paper, if you disagree not to use it any other way.

The given license agreement is subject to change without warning with the consent of both writers.

- ------------------license text---------------------

At this moment "LAN" magazine has published an electronic version of our article. Links are available from the Russian version of this announcement.

- --------------------------------------DUMP------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: mailto:

iD8DBQE8jXVqx3pSkmh5ZJoRAss5AKCNxk1y6cUDHOtFU4Fjy4E/LGd8oACfUH2z
fN8P65RPGe5rD72zK6wvTkI=
=W+48
-----END PGP SIGNATURE-----