Bugtraq mailing list archives

Problem with ascend pipeline routers.


From: eric () CAFFREY NET (Eric Thacker)
Date: Wed, 27 May 1998 00:57:44 -0500


Messing around with a pipeline 75 I noticed that I could keep open the
password prompt past the normal time limit by sending one character every
second.  This resets the timer to 0 and keeps the telnet session to
the router from being closed.  I opened up a second telnet to the router
and did this again.  Ascend pipeline routers only allow 2 telnet sessions;
at this point any future attempts get rejected.  I was able to keep these
connections for hours by sending data to both password prompts which would
keep anyone from configuring this router.

I wrote to Ascend explaining what I had done and asking them to consider
putting a time limit on the amount of time it takes to enter a password.
This is the response I got back...

-Start-

Date: Tue, 26 May 1998 14:19:30 -0700
From: support <support () ascend com>
To: eric () caffrey net
Subject: RE: Ticket #238563

Eric:

The pipeline has no way of telling what is a legit telnet and what is
not and because the box is meant to be accessed this way (both locally
and remotely), a firewall is the best way to restrict telnet access.

--
Ascend Communications, Inc          Service & Support
support () ascend com
http://www.ascend.com/service

-Cut-


I really like Ascend, but this is a lame way of not having to put a 45
second limit on typing in a password when connecting to a router via
telnet.

What can this do??  Someone can effectively keep a pipeline router from
being configured by opening 2 telnet sessions to the router and sending
data every second.  The only way to stop this is to reboot the router and
telnet in before another telnet session is opened by the attacker.

Ways to fix the problem:
1. Filter all incoming telnet traffic to the router from the internet
2. Turn off telnet access and use the console port
3. Don't configure your router


Eric Thacker
System Administrator
Caffrey/Digilink Networks
eric () caffrey net
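
Added example, not part of the original post and not Ascend's code: a model of the prompt timer described above, comparing the idle-only timeout with the absolute 45-second password deadline the post asks for. The names `PromptTimer` and `seconds_slot_held` and the 60-second idle limit are assumptions for illustration; the post does not give the router's actual idle value.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class PromptTimer:
    """Timeout state for one unauthenticated login prompt (times in seconds)."""
    opened_at: float
    idle_limit: float = 60.0                  # assumed value, not from the post
    login_deadline: Optional[float] = 45.0    # limit proposed in the post; None = idle-only
    last_input_at: float = 0.0

    def __post_init__(self) -> None:
        self.last_input_at = self.opened_at

    def on_input(self, now: float) -> None:
        # A keystroke resets only the idle timer. The deadline is measured
        # from opened_at, so input at the prompt cannot extend it.
        self.last_input_at = now

    def expired(self, now: float) -> bool:
        if now - self.last_input_at >= self.idle_limit:
            return True
        return (self.login_deadline is not None
                and now - self.opened_at >= self.login_deadline)


def seconds_slot_held(timer: PromptTimer, keystroke_interval: float,
                      horizon: float) -> Optional[float]:
    """Simulate a client that sends one character every keystroke_interval
    seconds and never finishes the password. Returns how long the session
    slot stayed occupied, or None if it was still open at the horizon."""
    now = timer.opened_at
    while now < horizon:
        now += keystroke_interval
        if timer.expired(now):
            return now - timer.opened_at
        timer.on_input(now)
    return None


if __name__ == "__main__":
    idle_only = PromptTimer(opened_at=0.0, login_deadline=None)
    with_deadline = PromptTimer(opened_at=0.0)
    print("idle-only:", seconds_slot_held(idle_only, 1.0, 3600.0))
    print("45 s deadline:", seconds_slot_held(with_deadline, 1.0, 3600.0))
```

With only two telnet slots, the deadline bounds how long an unauthenticated session can occupy one; it does not stop reconnects, so the filtering in fix 1 still applies.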


