OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Foundry DoS at login prompt
From: //Stany (stanyNOTBSD.ORG)
Date: Sun Nov 12 2000 - 15:36:19 CST

On Sat, 11 Nov 2000 listsDIE.NET wrote:

> In the release notes for Foundry code v07.1.09, I noticed the statement:
>
> If you entered a very long string when prompted for a Telnet
> password, then pressed Enter before the software timed out the
> access attempt, the device reset.
>
> This functions exactly as it describes on FastIrons, BigIrons, and
> ServerIrons I have access to running various versions of firmware.
> If you can get to a login prompt, you can reload the device.

At the moment the only foundry device we have in production is ,
which is a NetIron.

telnetnetiron.magma.ottawa#sh ver
 SW: Version 06.5.10T13 Copyright (c) 1996-1999 Foundry Networks, Inc.
     Compiled on Jan 8 2000 at 02:24:28 labeled as N8R06510
 HW: NetIron Gigabit Switching Router, serial number 04b024
 200 MHz Power PC processor 603 (revision 7) with 32756K bytes of DRAM
  16 100BaseT interfaces with Level 1 Transceiver LXT975

In other words we are rather behind.

I have spent the last half an hour feeding thousands and thousands of As
to the "Please Enter Password:" prompt, but got nowhere.

I am attaching the script I used for checking. I tried upto 66000
instances of "A" sent down the line.

Perhapse I am doing something wrong (more then likely my script is buggy),
so please, if someone has more detailes, especially detailes that would
convince my management that NetIrons are vulnerable and that we really
should renew a support contract with Foundry Networks, please holler.

> This does not appear to affect ssh logins, which recent versions of the
> Foundry firmware support.
>
> If you have any Foundry gear with externally visible IPs, make sure you
> disable telnet or upgrade your firmware to the latest. This is particularly
> true if you use their load-balancer product, the ServerIron, which
> also supposedly functions to keep your site highly available.

When I actually make it to work on Monday, I'll be sure to check with a
ServerIron and a FastIron Workgroup that are sitting on my desk.

> -- Aaron

Signed:
//Stany 

--
+-------+ Stanislav N Vardomskiy - Procurator Odiosus Ex Infernis[TM] +-------+
| "Backups we have; it's restores that we find tricky." Richard Letts at ASR  |
| This message is powered by JOLT!  For all the sugar and twice the caffeine. |
+--------+ My words are my own.  LARTs are provided free of charge. +---------+