Re: (usr-tc) HiperARC - Dangerous HiperBomb
Is there a way to deny access to the port, but allow only certain IPS to telnet to it? ============================================================================== Phillip Ferraro WorldNet Access, Inc pferraro@wna-linknet.com Onslow County's PREMIER InterNet Service Voice (910) 346-0835 824 Gumbranch Square, Suite R3 FAX (910) 455-1933 Jacksonville, Nc 28540-6269 ============================================================================== On Fri, 13 Aug 1999, Ed Taylor wrote:
For HiperBomb code check out:
http://www.securityfocus.com/templates/archive.pike?list=1
It is very serious and reboots the HiperArc's from anywhere.
Ed
---------- Original Message ---------------------------------- From: "Jamie Orzechowski" <mhz@ripnet.com> Reply-To: usr-tc@lists.xmission.com Date: Fri, 13 Aug 1999 19:03:36 -0400
Just reading my Securityfocus email list and attacked was a new "Remote HiPER ARC nuking program"
I have the source if anyone cares to have it ...
----- Original Message ----- From: Jonathan Chapman <jchapman@1ST.NET> To: <BUGTRAQ@SECURITYFOCUS.COM> Sent: Thursday, August 12, 1999 6:10 PM Subject: 3com hiperarch flaw [hiperbomb.c]
Hello,
The attached program will reboot a 3com HiperARC. I made an attempt to contact 3com before posting this report, however, I received no response. By flooding the telnet port of a 3com HiperARC using the provided program, the HiperARC unconditionally reboots. This program is effective over all interfaces, including a dialup.
Regards,
Jonathan Chapman Director of Network Security FIRST Incorporated jchapman@1st.net www.1st.net
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Thus spake pferraro@wna-linknet.com
Is there a way to deny access to the port, but allow only certain IPS to telnet to it?
I *think* this would work...would need to be an input filter of course...I *think* input filters filter data for packets destined for the system itself. I know IOS on cisco's doesn't do this, but I think the HiPer Arcs do. Keep in mind that to be sure, you'd also have to put this filter on all your dialup interfaces as well... I'll try to check this out in more depth today when I go to the office. -- Jeff McAdams Email: jeffm@iglou.com Head Network Administrator Voice: (502) 966-3848 IgLou Internet Services (800) 436-4456 - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Jeff Mcadams <jeffm@iglou.com> wrote
Thus spake pferraro@wna-linknet.com
Is there a way to deny access to the port, but allow only certain IPS to telnet to it?
I *think* this would work...would need to be an input filter of course...I *think* input filters filter data for packets destined for the system itself. I know IOS on cisco's doesn't do this, but I think the HiPer Arcs do. Keep in mind that to be sure, you'd also have to put this filter on all your dialup interfaces as well...
cisco does, you can apply an ACL to the vty's. eg: access-list 199 permit ip 10.216.0.0 0.0.0.255 any log-input access-list 199 deny ip any any log-input line vty 0 4 access-group 199 in now, does anyone know if the anti-spoof filters in hiper syslog? ^^; (I dont manage them myself) P ----* -- My words, my mail, my meaning. - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Thus spake Peter
Jeff Mcadams <jeffm@iglou.com> wrote
Thus spake pferraro@wna-linknet.com
Is there a way to deny access to the port, but allow only certain IPS to telnet to it?
I *think* this would work...would need to be an input filter of course...I *think* input filters filter data for packets destined for the system itself. I know IOS on cisco's doesn't do this, but I think the HiPer Arcs do. Keep in mind that to be sure, you'd also have to put this filter on all your dialup interfaces as well...
cisco does, you can apply an ACL to the vty's.
Well...true...but an ACL on the regular interface doesn't do it...which was what I was implying...sorry about the non-clarity. :) -- Jeff McAdams Email: jeffm@iglou.com Head Network Administrator Voice: (502) 966-3848 IgLou Internet Services (800) 436-4456 - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
participants (3)
-
Jeff Mcadams -
Peter -
pferraro@wna-linknet.com