Vulnerability Development mailing list archives
Re: Phenoelit Advisory 0815 ++ // Xedia
From: Tom Clancy <tom () keysoftware com>
Date: 3 Nov 2002 00:45:26 -0000
In-Reply-To: <3D4271A3.3050003 () phenoelit de>
[ Overview ]
The Lucent Access Point Router is a mid-range Access Level Router that supports a wide range of cool features such as CBQ (QoS stuff).

[ Description ]
The Lucent Access Point has a web server providing a colorful interface to use for configuration. This interface is apparently for those people who don't like the extremely powerful command-line. When sending an HTTP GET request with approximately 4000 characters in the URI to the server, the Access Point reboots.

[ Solution ]
Use the CBQ functionality!

Setup CBQ:
To allow web access to the specified router interface(s) from a specific IP(s)
To drop packets to all router interfaces

Ex CBQ 1 = WAN in

-Block ALL traffic
add cbq.1 traffic-class.Deny-default parent root-input-tree bandwidth-allocation 0 bounded true

-allow HTTP traffic from WAN in
add cbq.1 traffic-class.httpWANin parent root-input-tree bandwidth-allocation 1000000 bounded true dest-ip-addresses (IP's here) application http row-status active

-allow Return Flow out - established TRAFFIC
add cbq.1 traffic-class.httpWANreturn parent root-output-tree bandwidth-allocation 1000000 bounded true dest-ip-addresses (IP's here) application httpEstablished row-status active

-Block ALL traffic to router interface
add cbq.1 traffic-class.BlockRouterIPAccess parent root-input-tree bandwidth-allocation 0 bounded true peer-classification-order 90 dest-ip-Addresses xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxxx row-status active

add cbq.1 traffic-class.AllowWebMange parent root-input-tree bandwidth-allocation 64000 bounded true peer-classification-order 40 src-ip-Addresses xxx.xxx.xxx.xxx dest-ip-addresses xxx.xxx.xxxx application http row-status active
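
An added example, not part of the original post: a check over HTTP request records from an upstream sensor that flags requests addressed to the router's own interfaces when they come from a source outside the permitted management host or carry a very long URI. The log format, the documentation-range addresses and the 2048-character threshold are assumptions made for the example.

```python
import ipaddress

# Constructed values (assumptions, not from the advisory): documentation-range
# addresses stand in for the router interfaces and the permitted admin host.
ROUTER_IPS = {ipaddress.ip_address("192.0.2.1"), ipaddress.ip_address("192.0.2.254")}
ALLOWED_MGMT = {ipaddress.ip_address("198.51.100.10")}
URI_ALERT_LEN = 2048  # assumed threshold, well under the ~4000 characters reported

def build_sample_log():
    """Constructed sensor records: '<time> <src> <dst> <method> <uri>'."""
    long_uri = "/" + "a" * 4000
    return [
        "2002-11-03T00:10:01Z 198.51.100.10 192.0.2.1 GET /index.html",
        "2002-11-03T00:11:40Z 203.0.113.77 192.0.2.1 GET /index.html",
        "2002-11-03T00:12:05Z 203.0.113.77 192.0.2.254 GET " + long_uri,
        "2002-11-03T00:12:30Z 198.51.100.10 192.0.2.1 GET " + long_uri,
        "2002-11-03T00:13:00Z 203.0.113.77 192.0.2.80 GET " + long_uri,
        "malformed line",
    ]

def audit(lines):
    """Return (time, src, dst, reasons) for HTTP requests aimed at the router."""
    findings = []
    for line in lines:
        parts = line.split(" ", 4)
        if len(parts) != 5:
            continue  # skip records that do not match the assumed format
        ts, src, dst, method, uri = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if dst_ip not in ROUTER_IPS:
            continue  # transit traffic, not addressed to the router itself
        reasons = []
        if src_ip not in ALLOWED_MGMT:
            reasons.append("source-not-permitted")  # the filter should have dropped this
        if len(uri) >= URI_ALERT_LEN:
            reasons.append("oversized-uri")
        if reasons:
            findings.append((ts, src, dst, reasons))
    return findings

if __name__ == "__main__":
    for ts, src, dst, reasons in audit(build_sample_log()):
        print(ts, src, "->", dst, ",".join(reasons))
```

A long URI from the permitted management host is still reported, since the traffic classes restrict who can reach the web interface but do not change how it handles the request.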