2 security problem Quantum SNAP server

[awacs <awacs () hawkeye ac>]

2 security problem  Quantum SNAP server

Problem first discoverd:2001.8.10
Discoverd by: awacs@hawkeye
Published: 2002.5.30

I had found 2 security problem on Quantum SNAP server.
(SNAP server is Network Area Strage server.)

Tested machine SNAPserver4100/160G

Problem 1 : incleasing  sequence number.
I had fingerprinted about TCP/IP protocol stack,
and this results,I think SNAP server's OS is *BSD.
And, This OS's TCP sequence number was added 800
to previous number simply.
So, it's easy to spoof IP connection.

Problem 2 : DoS attack by fragment packet.
When I searched open port, I used nmap with -f option.
And some minuites after run nmap, SNAP server is down.
I searched bugtraq archive, I found this article.
http://www.securityfocus.com/archive/1/187411

> From this article, NetBSD had vulnerability, and I think
SNAP server had same problem.

Solution
Use firewall(or other protect method) to protect against malicious user(s).
Or ask vender:-)

Vender status
I reported this problem to Quantum's japanese region,
and I recieved answer.
He said," We will print about this problem on WWW.
and next version of SNAPserver, We will change OS from BSD to Linux.
So, please wait to release advisory until the next year(2002)."
After this comment, I don't get any infomation from vender.
I don't know whether it was revised or not.

But it's time to disclose this.

Thanks Mr.X on Quantum's japanese region.
and sorry my poor English.

awacs@hawkeye