I can confirm this security-bug EXISTS. I compiled the source of hyper-nuke and did indeed reboot some of my arcs (4.1.59-6). As others have stated I would suggest implementing accesslists on your routers that deny all telnet (tcp-25) traffic to your arcs. Ed Taylor wrote:
For HiperBomb code check out:
http://www.securityfocus.com/templates/archive.pike?list=1
It is very serious and reboots the HiperArc's from anywhere.
Ed
---------- Original Message ---------------------------------- From: "Jamie Orzechowski" <mhz@ripnet.com> Reply-To: usr-tc@lists.xmission.com Date: Fri, 13 Aug 1999 19:03:36 -0400
Just reading my Securityfocus email list and attacked was a new "Remote HiPER ARC nuking program"
I have the source if anyone cares to have it ...
----- Original Message ----- From: Jonathan Chapman <jchapman@1ST.NET> To: <BUGTRAQ@SECURITYFOCUS.COM> Sent: Thursday, August 12, 1999 6:10 PM Subject: 3com hiperarch flaw [hiperbomb.c]
Hello,
The attached program will reboot a 3com HiperARC. I made an attempt to contact 3com before posting this report, however, I received no response. By flooding the telnet port of a 3com HiperARC using the provided program, the HiperARC unconditionally reboots. This program is effective over all interfaces, including a dialup.
Regards,
Jonathan Chapman Director of Network Security FIRST Incorporated jchapman@1st.net www.1st.net
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rick Allan / rick@monmouth.com | Connect to a Backbone not a Wishbone Head of Network Engineering | Monmouth Internet Corporation 732-842-5366=====extension 102 | http://www.monmouth.com -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.