Bugtraq mailing list archives

Re: 3com hiperarch flaw [hiperbomb.c]


From: mike () COREDUMP AE USR COM (Mike Wronski)
Date: Mon, 16 Aug 1999 13:50:02 -0500


3Com acknowledges and has verified the existence of the hiperbomb DOS attack. All
HiPer ARC software (4.0 - 4.2.29) is vulnerable to the attack.  The following
workaround will protect your equipment until the software patch becomes
available. Defect is logged under 3Com MR#11022

It is possible to add a telnet access list of trusted hosts on the HiPer ARC. It
can be assumed that the attack will not come from a trusted host. It is also
recommended that you do not allow any telnet sessions from outside your network.

To add a telnet access list:

1) Add telnet clients. These clients may be individual hosts or networks.
        "ADD TELNET CLIENT X.X.X.X"
        "LIST TELNET CLIENTS" will list all configured clients

2) Enable the telnet client access list feature.
        "ENABLE TELNET CLIENT_ACCESS"

A follow-up post will be made when the patched code is made available.

This workaround can also be found on the 3Com Knowledge Base (3KB) at
http://knowledgebase.3com.com/ under document ID: 2.0.2107762.2279004

---------------------------------------------------------
Mike Wronski (mike () coredump ae usr com)
Sr. 3Com Network Systems Engineer / BETA Engineer
PGP:http://coredump.ae.usr.com/pgp

|-----Original Message-----
|From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
|Jonathan Chapman
|Sent: Thursday, August 12, 1999 5:11 PM
|To: BUGTRAQ () SECURITYFOCUS COM
|Subject: 3com hiperarch flaw [hiperbomb.c]
|
|
|Hello,
|
|The attached program will reboot a 3com HiperARC.  I made an attempt to
|contact 3com before posting this report, however, I received no response.
|By flooding the telnet port of a 3com HiperARC using the provided program,
|the HiperARC unconditionally reboots.  This program is effective over all
|interfaces, including a dialup.
|
|Regards,
|
|Jonathan Chapman
|Director of Network Security
|FIRST Incorporated
|jchapman () 1st net  www.1st.net
|
|

