Bugtraq mailing list archives
Re: RSA Aceserver UDP Flood Vulnerability
From: nexus () PATROL I-WAY CO UK (JJ Gray)
Date: Fri, 14 Jul 2000 22:49:47 +0100
Hi folks, [snip]
> It has been brought to RSA Security's attention that a possible UDP flood vulnerability exists in the RSA ACE/Server R.
[snip] The original post I made (I don't expect egotistical kudos or anything but a quick "cheers to" would have been nice in the bulletin ;-)) did indeed indicate that RSA did not see this as an issue. That was an error on the part of some section of the support organisation within RSA, and it should have been escalated - seems I inadvertently discovered another problem, though procedural in nature - I find it somewhat annoying that a public post was required for this potential issue to be investigated. Apart from the obvious ethical and professional reasons for contacting the vendor, I wanted to create full reproducibility to ensure that it was not a factor of my environment - I hate to cry "wolf!". Especially when I was dismissed as a result of this. [snip]
> The RSA Security Support Lab tested the potential vulnerability by force-feeding servers with 1000 packets per second, without reproducing a process crash. In these tests, the server rode out the flood and recovered within minutes, without needing to be stopped or rebooted.
[snip] This may also be related to the scenario where there is a resource limitation or shortfall on the ACE/Server itself, but I do not know for certain as no-one has contacted me for any real technical information as regards my (former) test lab, nor am I aware of the specs of the RSA test boxes. [snip]
> 1. Placing an intrusion detection or traffic monitor on the LAN. Most RSA ACE/Servers are on internal networks, behind firewalls.
[snip] Sound and sensible advice for any critical network component, discounting for the moment the percentage of attacks from authorised internal network users and the 'spoofability' of UDP packets, especially since you don't care about a reply reaching you, the box must be heavily locked down. Partial and general hardening procedures are mentioned in the ACE/Server documentation but they are nowhere near what is really necessary for such a critical service.

Regards, JJ
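Added example, not code from this post or from RSA: the aggregate-rate check a traffic monitor on the ACE/Server LAN would need to apply. It counts UDP datagrams per second toward the authentication port regardless of source address, because a flood built from spoofed sources never trips a per-source limit. The ACE/Server port (5500/UDP) and the flow-log line format are assumptions; the sample records are constructed.

```python
"""Aggregate UDP-rate detector for an authentication server (constructed example)."""
from collections import defaultdict

ACE_UDP_PORT = 5500   # assumed ACE/Server authentication port
FLOOD_PPS = 500       # alert threshold in packets/second; tune to the site's baseline


def parse_line(line):
    # Assumed flow-log format: "<epoch_seconds> <proto> <src_ip> <dst_ip>:<dst_port>"
    ts, proto, src, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return float(ts), proto, src, dst_ip, int(dst_port)


def flood_seconds(lines, port=ACE_UDP_PORT, threshold=FLOOD_PPS):
    """Seconds whose total UDP packet count to `port` exceeds `threshold`.

    Returns a sorted list of (second, packets, distinct_sources); a high
    distinct-source count with one packet each is the spoofed-flood signature.
    """
    per_sec = defaultdict(int)
    srcs = defaultdict(set)
    for line in lines:
        ts, proto, src, _dst_ip, dst_port = parse_line(line)
        if proto != "UDP" or dst_port != port:
            continue
        sec = int(ts)
        per_sec[sec] += 1
        srcs[sec].add(src)
    return sorted((s, n, len(srcs[s])) for s, n in per_sec.items() if n > threshold)


def max_per_source(lines, port=ACE_UDP_PORT):
    """Highest packets/second from any single source address.

    Stays low under spoofing, which is why a per-source limit alone misses the flood.
    """
    counts = defaultdict(int)
    for line in lines:
        ts, proto, src, _dst_ip, dst_port = parse_line(line)
        if proto == "UDP" and dst_port == port:
            counts[(int(ts), src)] += 1
    return max(counts.values(), default=0)


# Constructed sample: second 100 is normal traffic (plus an unrelated TCP record);
# second 101 is a flood of 1000 datagrams, each from a different spoofed source.
SAMPLE = [f"100.{i:03d} UDP 10.0.0.{i + 1} 10.0.0.5:5500" for i in range(5)]
SAMPLE.append("100.500 TCP 10.0.0.7 10.0.0.5:22")
SAMPLE += [f"101.{i:03d} UDP 172.16.{i // 256}.{i % 256} 10.0.0.5:5500" for i in range(1000)]

if __name__ == "__main__":
    print("flood seconds:", flood_seconds(SAMPLE))      # [(101, 1000, 1000)]
    print("max per-source pps:", max_per_source(SAMPLE))  # 1
```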