Security Incidents mailing list archives
mal-formed IP paquet and CVX Nortel
From: Philippe PATUREL <phpaturel () INFONIE FR>
Date: Tue, 16 Jan 2001 09:54:13 +0100
Hi Marc,

I received a copy of your email mentioning a bug in CVX code. We experience exactly the same trouble with Raw IP packets lacking layer4 TCP and having HTTP content as IP payload. It appears as if packets used (now well known) TCP ports 18245 and 21536, which translate into "GET HTTP ..." if converted to hex and ascii.

Current versions:

    CVX> Vinfo
    Image  Version  Bld#  BldDate     Time      Machine  User   Brd  Branch
    fepmd  3.6.2    3054  10/26/2000  21:36:23  BUILD03  Build  scc  p362

We've opened a ticket at Nortel, and the last release of code they provided solved some issues but not this one. As an ISP we also are a good customer for Nortel. I hope we can solve this issue quickly, since we have many complaints and notifications from web security managers.

Regards,
Philippe Paturel
Network manager at Infosources FRANCE
Approved-By: ah () SECURITYFOCUS COM
Delivered-To: incidents () lists securityfocus com
Delivered-To: INCIDENTS () SECURITYFOCUS COM
Date: Fri, 12 Jan 2001 09:48:27 -0600
Reply-To: marc <marc () ZOUNDS NET>
Sender: Incidents Mailing List <INCIDENTS () SECURITYFOCUS COM>
From: marc <marc () ZOUNDS NET>
Subject: Pls send captures. Re: CVX? Re: Scans of 21536
X-To: Mike Blomgren <mike.blomgren () ccnox com>
To: INCIDENTS () SECURITYFOCUS COM

I was contacted off-list by people also seeing similar symptoms, but we still haven't solved the issue. However my strongest bet is that the problem lies within RAS box the users dial into, presumably a Nortel CVX. Anyone have good 'connection' with Nortel?

I am working with my ops team to investigate this issue. We have good Nortel connections, as we are a big customer. Could anyone with packet captures or traces of this problem please send them to me? Especially if they involve splitrock.net.

Thanks in advance,
marc

import sigfile
Jean-Francois Zwobada Cellule Securite - Fluxus Phone : +33.1.70.95.10.10 - Fax : +33.1.70.95.10.00 37, rue du Colonel Pierre Avia - 75015 PARIS
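Added example, not part of the original messages: a small Python check showing why a sensor reports ports 18245 and 21536 when HTTP text sits where the TCP header should be, and how a capture can be triaged for that symptom. It assumes the IP protocol field is still 6 (TCP); the function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

# Assumption: ASCII prefixes that indicate HTTP text where a TCP header belongs.
HTTP_TOKENS = (b"GET ", b"POST", b"HEAD", b"HTTP")

def build_ipv4(l4_bytes, proto=6, src="192.0.2.10", dst="198.51.100.20"):
    """Constructed sample: minimal 20-byte IPv4 header (checksum 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4_bytes), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + l4_bytes

def classify(packet):
    """Return (src_port, dst_port, verdict) for one raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4           # IP header length in bytes
    if packet[9] != 6:                     # protocol field is not TCP
        return None, None, "not-tcp"
    l4 = packet[ihl:]
    if len(l4) < 4:
        return None, None, "truncated"
    # What any sniffer does: first four bytes are read as the two ports.
    sport, dport = struct.unpack("!HH", l4[:4])
    if l4[:4] in HTTP_TOKENS:
        return sport, dport, "http-text-in-place-of-tcp-header"
    if len(l4) < 20:
        return sport, dport, "truncated"
    data_offset = (l4[12] >> 4) * 4        # TCP header length in bytes
    if data_offset < 20 or data_offset > len(l4):
        return sport, dport, "bad-tcp-data-offset"
    return sport, dport, "plausible-tcp"

# Constructed packets: one with the TCP header missing, one well formed.
HTTP_REQUEST = b"GET /index.html HTTP/1.0\r\n\r\n"
MALFORMED = build_ipv4(HTTP_REQUEST)
TCP_HEADER = struct.pack("!HHIIBBHHH", 1025, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
WELL_FORMED = build_ipv4(TCP_HEADER + HTTP_REQUEST)

if __name__ == "__main__":
    for name, pkt in (("malformed", MALFORMED), ("well-formed", WELL_FORMED)):
        print(name, classify(pkt))
```

The bytes "GE" are 0x4745 (18245) and "T " are 0x5420 (21536), which is why every affected packet appears to use the same port pair.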
Current thread:
- mal-formed IP paquet and CVX Nortel Philippe PATUREL (Jan 16)