|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
3COM Documentation backdoors in CB3500
Pedro Ribeiro (pribeiro
ISEL.PT)Wed, 23 Dec 1998 17:22:27 -0000
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: YounGoat: "Re: DCC HiJacking patch for BitchX 75p1"
- Previous message: Michal Zalewski: "Linux PAM (up to 0.64-2) local root compromise"
This is a "report" i'v sent to 3com some days ago. >While evaluating the 3com layer3 switch Corebuilder 3500 i'v detected while >reading the "CoreBuilder 3500 Implementation Guide V2.0.0, PN:10011376" that >several examples given in the Packet Filtering Chapter 10 have serious >"security mistakes". >ALL the exemples of packet filtering of IP packets based on UDP/TCP ports >information are wrong, simple because are assumed that the transport header >fallows the basic IP header, witch isn't always true because beetwen the >basic IP header and the transport layer header, a variable amount of IP >options can appear. >We can't simply index to position 24?? of the ethernet frame to get the >transport layer port information, this is only true if there are no options >fallowing the IP header. >Pages that i found given wrong ideas/exemples about this subject: From 198 till 206 >Conclusion: Using this packet filtering syntax it isn't possible to filter >packets based in information that appears in variable positions in the MAC >frames. >3Com is saying that this "Packet Filtering" feature makes thinks that he >don't do. >PS: I'v also reported this to the 3Com local representative. >I'm i wrong ? []---------------------------------------------------------------[] Pedro Ribeiro Online: http://www.isel.pt/~pribeiro/ IRC(PTnet) Nick: PAntMaR e-Mail: Personal: pribeiro
- Next message: YounGoat: "Re: DCC HiJacking patch for BitchX 75p1"
- Previous message: Michal Zalewski: "Linux PAM (up to 0.64-2) local root compromise"