Re: [BUGTRAQ] : ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS

From: Dean Shih (dshihat_private)
Date: Sun Jun 23 2002 - 20:57:41 PDT

  • Next message: Felix Harris: "Re: Java and buffer overflows"

    
     ('binary' encoding is not supported, stored as-is)
    In-Reply-To: <20020617171357.GA728at_private>
    
    Dear Friends,
    
    This is a ZyXEL technical support engineer. We got you report from our 
    custom.To avoid internal user to access Prestige, the administrator has to 
    add a extra filter rule to block destination IP= Prestige IP.
    
    Assuem that Prestige LAN IP = 192.168.1.1 WAN IP = 200.1.1.1
    The filter rule should be looked like this in Menu 21:
    
    # A Type         Filter Rules                          M m n
    
     - - ---- --------------------------------------------------------
      1 Y IP   Pr=6, SA=0.0.0.0, DA=192.168.1.1, DP=21     N D N
      2 Y IP   Pr=6, SA=0.0.0.0, DA=192.168.1.1, DP=23     N D N
      3 N IP   Pr=6, SA=0.0.0.0, DA=200.1.1.1, DP=21       N D N
      4 N IP   Pr=6, SA=0.0.0.0, DA=200.1.1.1, DP=23       N D F
    
    Rule 1 and 2, block access to LAN IP.
    Rule 3 and 4, block access to WAN IP.
    
    And then apply this filter rule in Menu 3.1 Input Protocol Filter.
    
    For our new model, such as P643 and P5650 series, there is a feature 
    named "Remote Management Control" in SMT Menu 24.11. Remote Management 
    Control is for telnet, web and ftp service in Prestige. You can customize 
    the service port, access interface and the secured client ip address to 
    enhance the security and flexibility. We have to say sorry that P642 will 
    not support this function due to lack of memory size.
    
                         Menu 24.11 - Remote Management Control
    
      TELNET Server:
         Server Port = 23     Server Access = Disable/ ALL/ LAN only/ WAN only
         Secured Client IP = 192.168.1.33
    
      FTP Server:
         Server Port = 21                   Server Access = Disable
         Secured Client IP = 0.0.0.0
    
       Web Server:
         Server Port = 80                   Server Access = LAN only
         Secured Client IP = 0.0.0.0
    



    This archive was generated by hypermail 2b30 : Tue Jun 25 2002 - 06:16:33 PDT