Re: (PM) Locking up telnet connections

I don't work for Lucent RABU (livingston@iav.com)
Sat, 6 Feb 1999 19:01:28 -1000 (HST)

On Sat, 6 Feb 1999 michael@blueneptune.com wrote:
[snip]
> I admit that in my rush to get the information out there, I failed to
> consider some of those options, and I don't think the problem is as
> serious as I originally did. It is an annoyance, but not a major security
> threat. Still, after taking it down a notch in severity, there -is-
> still a problem in ComOS, and I think it deserves to be addressed at
> some point.

Did you read the reply from the cisco rep to bugtraq?
It's a design of the TCP/IP implementation that is causing this 'annoyance.'
It is NOT a failure of ComOS. Why else would the attack posted to bugtraq
be listed as "Widespread Router Access Port DoS"? If anything you could
actually twist this into a way to prevent unauthorized entry... clog the
ports and when you need to use it go in with another method and reset a
handle then get in through telnet 8) okay that's pretty lame...

> The point is that there is a problem in the ComOS telnet/login code, and
> the fact that you can throw filters up to minimize the risk does not mean
> the problem should not be fixed. If you do the same thing against a
> FreeBSD system, and presumably many/most other Unix systems, it does not
> lock up the network connection. Why should we expect ComOS to be any
> different? There are reasons to explain the different behaviour, but
> they do not justify that behaviour, once the problem is pointed out.

Well, for one thing you have a limited number of telnet tty on PMs, most
*nix systems have a MUCH higher limit, so I guess in theory if you have a
script that keeps banging away you could do a similar attack, just not as
easily. Cisco's reply is that they also have 'session-timeout' and
'exec-timeout' features that should reset the port as necessary. Mayhaps,
sending an RFE to support@livingston.com would be in order?

[snip]

> Is the exposure of this one large enough to justify a code change? I
> think so, although I don't think there's a need to rush out a fix
> immediately. If it were my decision, I would try to fix it in the next
> regular release, and issue a security advisory listing the ways to avoid
> the problem and recover from it if it happens. But I don't work for
> Lucent, so we'll just have to see how they choose to deal with this.

I'll wholeheartedly agree with this paragraph! To get such implemented,
send in your RFE to support@livingston.com. List what you would like
added/fixed and WHY it would be valuable.

--
Aloha from Paradise,

Sherwood Got Clue? If so: ISPF! The Forum for ISPs by ISPs, <http://www.ispf.com>
