Re: (usr-tc) HiperARC - Dangerous HiperBomb
I can confirm this security-bug EXISTS. I compiled the source of hyper-nuke and did indeed reboot some of my arcs (4.1.59-6).
As others have stated I would suggest implementing accesslists on your routers that deny all telnet (tcp-25) traffic to your arcs.
Ed Taylor wrote:
For HiperBomb code check out:
http://www.securityfocus.com/templates/archive.pike?list=1
It is very serious and reboots the HiperArc's from anywhere.
Ed
---------- Original Message ----------------------------------
From: "Jamie Orzechowski" <mhz@ripnet.com>
Reply-To: usr-tc@lists.xmission.com
Date: Fri, 13 Aug 1999 19:03:36 -0400
Just reading my Securityfocus email list and attached was a new "Remote HiPER ARC nuking program"
I have the source if anyone cares to have it ...
----- Original Message -----
From: Jonathan Chapman <jchapman@1ST.NET>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Thursday, August 12, 1999 6:10 PM
Subject: 3com hiperarch flaw [hiperbomb.c]
Hello,
The attached program will reboot a 3com HiperARC. I made an attempt to contact 3com before posting this report, however, I received no response. By flooding the telnet port of a 3com HiperARC using the provided program, the HiperARC unconditionally reboots. This program is effective over all interfaces, including a dialup.
Regards,
Jonathan Chapman
Director of Network Security
FIRST Incorporated
jchapman@1st.net
www.1st.net
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rick Allan / rick@monmouth.com | Connect to a Backbone not a Wishbone
Head of Network Engineering | Monmouth Internet Corporation
732-842-5366=====extension 102 | http://www.monmouth.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Typo in my last message. It should read "deny all telnet traffic (tcp-23)"
Rick wrote:
I can confirm this security-bug EXISTS. I compiled the source of hyper-nuke and did indeed reboot some of my arcs (4.1.59-6).
As others have stated I would suggest implementing accesslists on your routers that deny all telnet (tcp-25) traffic to your arcs.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rick Allan / rick@monmouth.com | Connect to a Backbone not a Wishbone
Head of Network Engineering | Monmouth Internet Corporation
732-842-5366=====extension 102 | http://www.monmouth.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
But your own customers can still reboot them via dialup to that NAS.
Marshall Morgan
Internet Doorway, Inc. (aka NETDOOR)
-----Original Message-----
From: owner-usr-tc@lists.xmission.com [mailto:owner-usr-tc@lists.xmission.com] On Behalf Of Rick
Sent: Friday, August 13, 1999 10:07 PM
To: usr-tc@lists.xmission.com
Subject: Re: (usr-tc) HiperARC - Dangerous HiperBomb
I can confirm this security-bug EXISTS. I compiled the source of hyper-nuke and did indeed reboot some of my arcs (4.1.59-6).
As others have stated I would suggest implementing accesslists on your routers that deny all telnet (tcp-25) traffic to your arcs.
There is a solution to that... but no true fix (outside of disabling Telnet) until 3com fixes the code in the ARCs. It probably wouldn't hurt to also make the code a little more robust and fix V90 too.
Ed
----- Original Message -----
From: Marshall Morgan <marshall@netdoor.com>
To: <usr-tc@lists.xmission.com>
Sent: Saturday, August 14, 1999 2:09 AM
Subject: RE: (usr-tc) HiperARC - Dangerous HiperBomb
But your own customers can still reboot them via dialup to that NAS.
Marshall Morgan
Internet Doorway, Inc. (aka NETDOOR)
The workaround for this problem is setting up telnet clients on the hiper arc and enabling telnet client access. This program all it does is tries to open tcp connections, so on the hiper arc do this
add telnet client <ip address of single host or subnet that you want to allow access to the hiper arc via telnet>
enable telnet cli
This will tell the hiper arc to have access only from trusted hosts and this program will not cause any crash if someone tries to use it from different hosts.
This however is a workaround only - We do understand that this is a serious issue and would come up with a fix.
regards
krish
-----------------------------------------
\ T.S.V. Krishnan \
\ Network System Engineer \ ( : - : )
\ 3Com ............ \
----------------------------------------------/
tkrishna@bubba.ae.usr.com ----------------------------/
http://interproc.ae.usr.com ----/
-------------------------------------------------------------------------\
Any Sufficiently advanced bug is indistinguishable for a feature.
- Rick Kulawiec
-------------------------------------------------------------------------/
On Sat, 14 Aug 1999, Marshall Morgan wrote:
But your own customers can still reboot them via dialup to that NAS.
Marshall Morgan
Internet Doorway, Inc. (aka NETDOOR)
Thus spake Tatai SV Krishnan
add telnet client <ip address of single host or subnet that you want to allow access to the hiper arc via telnet>
enable telnet cli
wow...learn something new every day.
--
Jeff McAdams                            Email: jeffm@iglou.com
Head Network Administrator              Voice: (502) 966-3848
IgLou Internet Services                        (800) 436-4456
I did a disable telnet client_access but I can still telnet in after I do this???
----- Original Message -----
From: Jeff Mcadams <jeffm@iglou.com>
To: <usr-tc@lists.xmission.com>
Sent: Saturday, August 14, 1999 2:00 PM
Subject: Re: (usr-tc) HiperARC - Dangerous HiperBomb
Thus spake Tatai SV Krishnan
add telnet client <ip address of single host or subnet that you want to allow access to the hiper arc via telnet>
enable telnet cli
wow...learn something new every day.
--
Jeff McAdams                            Email: jeffm@iglou.com
Head Network Administrator              Voice: (502) 966-3848
IgLou Internet Services                        (800) 436-4456
enable not disable.
----- Original Message -----
From: Jamie Orzechowski <mhz@ripnet.com>
To: <usr-tc@lists.xmission.com>
Sent: Saturday, August 14, 1999 9:28 PM
Subject: Re: (usr-tc) HiperARC - Dangerous HiperBomb
I did a disable telnet client_access but I can still telnet in after I do this???
Thus spake Jamie Orzechowski
I did a disable telnet client_access but I can still telnet in after I do this???
You need to enable it, not disable. this is basically the setting that tells the telnet service to check the client access table to check to see if that system is allowed to check...if you disable this setting, it doesn't check the table and assumes everyone is allowed to connect.
--
Jeff McAdams                            Email: jeffm@iglou.com
Head Network Administrator              Voice: (502) 966-3848
IgLou Internet Services                        (800) 436-4456
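The client-access behaviour described in the message above, modelled as an added example (not code from any poster or from 3Com): with client access enabled only sources found in the client table are admitted to telnet, with it disabled every source is admitted. The table entries, log format, burst threshold and all addresses are constructed assumptions.

```python
"""Model of the telnet client-access check discussed in this thread.

Added illustration, not 3Com firmware: it encodes only the behaviour the
posters describe and runs over a constructed connection log.
"""
from collections import Counter, defaultdict, deque
from ipaddress import ip_address, ip_network

# Entries in the form given to `add telnet client ...`. The addresses are
# constructed for this example; a bare address is treated as a single host.
CLIENT_TABLE = ["192.0.2.10", "10.10.0.0/24"]

# Constructed sample log, one connection attempt per line:
#   "<epoch-seconds> <source-ip> <dest-port>"
# 172.16.5.20 stands in for an address from a dial-up pool.
SAMPLE_LOG = """\
934600000 192.0.2.10 23
934600001 10.10.0.57 23
934600002 198.51.100.7 23
934600002 198.51.100.7 23
934600003 198.51.100.7 23
934600003 198.51.100.7 23
934600004 198.51.100.7 23
934600005 172.16.5.20 23
934600006 198.51.100.7 80
not-a-log-line
"""

TELNET_PORT = 23


def parse_table(entries):
    """Turn table entries into networks; '192.0.2.10' becomes 192.0.2.10/32."""
    return [ip_network(entry, strict=False) for entry in entries]


def is_allowed(src, table, client_access_enabled):
    """Admission decision: the table is consulted only when the check is on."""
    if not client_access_enabled:
        return True  # check disabled: everyone is assumed allowed
    addr = ip_address(src)
    return any(addr in net for net in table)


def parse_log(text):
    """Yield (timestamp, source, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts, port = int(parts[0]), int(parts[2])
            ip_address(parts[1])  # validate the source address
        except ValueError:
            continue
        yield ts, parts[1], port


def audit(log_text, entries, client_access_enabled, burst=3, window=5):
    """Classify telnet attempts and flag sources that open them in bursts.

    A source is flagged once it makes `burst` or more attempts on tcp/23
    within `window` seconds (both thresholds are assumptions to tune).
    """
    table = parse_table(entries)
    accepted, refused = Counter(), Counter()
    recent = defaultdict(deque)  # source -> timestamps inside the window
    bursty = set()
    for ts, src, port in parse_log(log_text):
        if port != TELNET_PORT:
            continue
        if is_allowed(src, table, client_access_enabled):
            accepted[src] += 1
        else:
            refused[src] += 1
        seen = recent[src]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= burst:
            bursty.add(src)
    return {
        "accepted": dict(accepted),
        "refused": dict(refused),
        "bursty": sorted(bursty),
    }


if __name__ == "__main__":
    for enabled in (True, False):
        print("client_access enabled:", enabled)
        print(" ", audit(SAMPLE_LOG, CLIENT_TABLE, enabled))
```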
Here are the steps.
Add the telnet client <ip>
then enable telnet client_access
If you disable the same you will be able to telnet into the hiper arc.
krish
-----------------------------------------
\ T.S.V. Krishnan \
\ Network System Engineer \ ( : - : )
\ 3Com ............ \
----------------------------------------------/
tkrishna@bubba.ae.usr.com ----------------------------/
http://interproc.ae.usr.com ----/
-------------------------------------------------------------------------\
Any Sufficiently advanced bug is indistinguishable for a feature.
- Rick Kulawiec
-------------------------------------------------------------------------/
On Sat, 14 Aug 1999, Jamie Orzechowski wrote:
I did a disable telnet client_access but I can still telnet in after I do this???
How would I add a range of ips?
----- Original Message -----
From: Tatai SV Krishnan <tkrishna@bubba.ae.usr.com>
To: Marshall Morgan <marshall@netdoor.com>
Cc: <usr-tc@lists.xmission.com>
Sent: Saturday, August 14, 1999 1:39 AM
Subject: RE: (usr-tc) HiperARC - Dangerous HiperBomb
The workaround for this problem is setting up telnet clients on the hiper arc and enabling telnet client access. This program all it does is tries to open tcp connections, so on the hiper arc do this
add telnet client <ip address of single host or subnet that you want to allow access to the hiper arc via telnet>
enable telnet cli
This will tell the hiper arc to have access only from trusted hosts and this program will not cause any crash if someone tries to use it from different hosts.
This however is a workaround only - We do understand that this is a serious issue and would come up with a fix.
regards
krish
On Sat, 14 Aug 1999, Brian M. Gordon wrote:
How would I add a range of ips?
Individual hosts
add telnet client <ip address>
...
...
A subnet of address
add telnet client ip address netmask
add telnet client 10.10.0.0/24
...
..
etc
krish
On Sat, 14 Aug 1999, Tatai SV Krishnan wrote:
The workaround for this problem is setting up telnet clients on the hiper arc and enabling telnet client access. This program all it does is tries to open tcp connections, so on the hiper arc do this
add telnet client <ip address of single host or subnet that you want to allow access to the hiper arc via telnet>
enable telnet cli
This will tell the hiper arc to have access only from trusted hosts and this program will not cause any crash if someone tries to use it from different hosts.
This however is a workaround only - We do understand that this is a serious issue and would come up with a fix.
This is a bit more than slightly irritating. I just got back from vacation and found this message here and saw that the Weekly Service Update did not include any field service reports or any warnings about the fact that this *known* bug has been found. As far as I'm concerned, this should have been posted on CERT.
Kevin Benton
SOTA Technologies
Thus spake Kevin Benton
This is a bit more than slightly irritating. I just got back from vacation and found this message here and saw that the Weekly Service Update did not include any field service reports or any warnings about the fact that this *known* bug has been found. As far as I'm concerned, this should have been posted on CERT.
Heh...who's to say that it won't be....with CERT's blisteringly fast response time </sarcasm> they may come out with an alert 6 weeks from now.
--
Jeff McAdams                            Email: jeffm@iglou.com
Head Network Administrator              Voice: (502) 966-3848
IgLou Internet Services                        (800) 436-4456
participants (8)
- Brian M. Gordon
- Ed
- Jamie Orzechowski
- Jeff Mcadams
- Kevin Benton
- Marshall Morgan
- Rick
- Tatai SV Krishnan