Re: 3com hiperarch flaw [hiperbomb.c]

[spork () INCH COM (Charles Sprickman)]

I'm forwarding this so that those not on the usr list can see an alternate
workaround until it is fixed...

Charles

---------- Forwarded message ----------
Date: Sat, 14 Aug 1999 00:39:36 -0500 (CDT)
From: Tatai SV Krishnan <tkrishna () bubba ae usr com>
Reply-To: usr-tc () lists xmission com
Cc: usr-tc () lists xmission com
Subject: RE: (usr-tc) HiperARC - Dangerous HiperBomb

The workaround for this problem is setting up telnet clients on the hiper
arc  and enabling telnet client access.  This program all it does is
tries to open tcp connections, so on the hiper arc do this

add telnet client <ip address of single host or subnet that you want to
allow access to the hiper arc via telnet>

enable telnet cli

This will tell the hiper arc to have access only from trusted hosts and
this program will not cause any crash if some one tries to use it from
different hosts.

This hower is a work around only - We do understand that this is a
serious issue and would come up with a fix.

regards

krish

-----------------------------------------
                \       T.S.V. Krishnan  \
                 \      Network System Engineer \ ( : - : )
                  \     3Com ............   \
                ----------------------------------------------/
tkrishna () bubba ae usr com
----------------------------/ http://interproc.ae.usr.com ----/
-------------------------------------------------------------------------\
        Any Sufficiently advanced bug is indistinguishable for a feature.
                                                - Rick Kulawiec
-------------------------------------------------------------------------/

On Sat, 14 Aug 1999, Marshall Morgan wrote:

> But your own customers can still reboot them via dialup to that NAS.
>
> Marshall Morgan
>
> Internet Doorway, Inc. (aka NETDOOR)
>
> > -----Original Message-----
> > From: owner-usr-tc () lists xmission com
> > [mailto:owner-usr-tc () lists xmission com]On Behalf Of Rick
> > Sent: Friday, August 13, 1999 10:07 PM
> > To: usr-tc () lists xmission com
> > Subject: Re: (usr-tc) HiperARC - Dangerous HiperBomb
> >
> >
> > I can confirm this security-bug EXISTS. I compiled the source of
> > hyper-nuke and
> > did indeed reboot some of my arcs (4.1.59-6).
> >
> > As others have stated I would suggest implementing accesslists on
> > your routers
> > that deny all telnet (tcp-25) traffic to your arcs.
> >
> >
> > Ed Taylor wrote:
> >
> > > For HiperBomb code check out:
> > >
> > > http://www.securityfocus.com/templates/archive.pike?list=1
> > >
> > > It is very serious and reboots the HiperArc's from anywhere.
> > >
> > > Ed
> > >
> > > ---------- Original Message ----------------------------------
> > > From: "Jamie Orzechowski" <mhz () ripnet com>
> > > Reply-To: usr-tc () lists xmission com
> > > Date:     Fri, 13 Aug 1999 19:03:36 -0400
> > >
> > > > Just reading my Securityfocus email list and attacked was a new "Remote
> > > HiPER ARC nuking program"
> > >
> > > I have the source if anyone cares to have it ...
> > >
> > > ----- Original Message -----
> > > From: Jonathan Chapman <jchapman () 1ST NET>
> > > To: <BUGTRAQ () SECURITYFOCUS COM>
> > > Sent: Thursday, August 12, 1999 6:10 PM
> > > Subject: 3com hiperarch flaw [hiperbomb.c]
> > >
> > > > Hello,
> > > >
> > > > The attached program will reboot a 3com HiperARC.  I made an attempt to
> > > > contact 3com before posting this report, however, I received no
> > response.
> > > > By flooding the telnet port of a 3com HiperARC using the
> > provided program,
> > > > the HiperARC unconditionally reboots.  This program is
> > effective over all
> > > > interfaces, including a dialup.
> > > >
> > > > Regards,
> > > >
> > > > Jonathan Chapman
> > > > Director of Network Security
> > > > FIRST Incorporated
> > > > jchapman () 1st net  www.1st.net
> > >
> > > -
> > >  To unsubscribe to usr-tc, send an email to "majordomo () xmission com"
> > >  with "unsubscribe usr-tc" in the body of the message.
> > >  For information on digests or retrieving files and old messages send
> > >  "help" to the same address.  Do not use quotes in your message.
> > >
> > > -
> > >  To unsubscribe to usr-tc, send an email to "majordomo () xmission com"
> > >  with "unsubscribe usr-tc" in the body of the message.
> > >  For information on digests or retrieving files and old messages send
> > >  "help" to the same address.  Do not use quotes in your message.
> >
> > --
> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > Rick Allan / rick () monmouth com | Connect to a Backbone not a Wishbone
> > Head of Network Engineering    |    Monmouth Internet Corporation
> > 732-842-5366=====extension 102 |      http://www.monmouth.com
> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> >
> >
> >
> > -
> >  To unsubscribe to usr-tc, send an email to "majordomo () xmission com"
> >  with "unsubscribe usr-tc" in the body of the message.
> >  For information on digests or retrieving files and old messages send
> >  "help" to the same address.  Do not use quotes in your message.
>
> -
>  To unsubscribe to usr-tc, send an email to "majordomo () xmission com"
>  with "unsubscribe usr-tc" in the body of the message.
>  For information on digests or retrieving files and old messages send
>  "help" to the same address.  Do not use quotes in your message.

-
 To unsubscribe to usr-tc, send an email to "majordomo () xmission com"
 with "unsubscribe usr-tc" in the body of the message.
 For information on digests or retrieving files and old messages send
 "help" to the same address.  Do not use quotes in your message.