Bugtraq mailing list archives

Re: Widespread Router Access Port DoS

From: poidog () IAV COM (System Grunt)
Date: Fri, 5 Feb 1999 13:20:34 -1000


On Fri, 5 Feb 1999, John Bashinski wrote:

Since the TCP connection isn't deleted, the virtual TTY (VTY) is not
being released. If you run a bunch of attacks, you eventually end up
with all your VTYs hung up on nonexistent connections. If you can
reach the router at all, you can reclaim them with the "clear line"
command, but if they're all hung up, you may not have a way to get
in and do that.


Both will get the hung telnet sessions.
ComOS 3.8.2 PM3
ComOS 3.7L OR-HS

If an available telnet is open, then telnet in and

sh netconns

433   3072      0  iav.com.23     a.iav.com.2921           TIME WAIT
432   3072      0  iav.com.23     a.iav.com.2918           TIME WAIT
405   3072      0  iav.com.23     a.iav.com.2892           TIME WAIT


reset nxxx will give you a reset successful but will take a few minutes to
actually clear.

Or use pmconsole or the new pmvision...


--
Aloha from Paradise,

Sherwood
System Grunt

Current thread:

Re: Widespread Router Access Port DoS Mr. joej (Feb 05)
- <Possible follow-ups>
- Re: Widespread Router Access Port DoS John Bashinski (Feb 05)
  - Re: Widespread Router Access Port DoS System Grunt (Feb 05)