Bugtraq mailing list archives

Re: Cisco 675 Denial of Service Attack


From: J Edgar Hoover <zorch () TOTALLY RIGHTEOUS NET>
Date: Fri, 1 Dec 2000 15:17:05 -0800

At the risk of further delaying the actual release of an upgrade... there
are some other problems with the Cisco 675.

If you disable telnet, it still accepts connections on port 23. You can
move telnet to port xxx and disable telnet, and it will listen on port
xxx. Vulnerable to DoS, possible exploit.

The IP Filtering is a joke. The command line doesn't match the written or
electronic documentation, and the actual filter rules don't do what they
claim to do.

TFTPD and SNMPD cannot be completely disabled. Similar to 'disabling'
telnet.

Syslog is weak. You can't configure severity levels, and the default level
of logging is very low. It ignores many connection attempts, even to
default services.

This is just the tip of the iceberg. I won't be recommending this product.

Before anyone flames me about not notifying Cisco privately... keep in
mind it is not my job to help Cisco develop a more secure product. I've
had vendors sit on bugs for over a year, threaten legal action, and just
plain waste my time in a volley of denials and questions. It's far more
efficient to just release the bugs on IRC.

Unfortunately, I own this PoS and have been looking for a CBOS upgrade.

Cheers,
zorch

