Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: Keith Pachulski (Keith.PachulskiCORP.PTD.NET)
Date: Mon Feb 19 2001 - 09:40:02 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hash: SHA1

    Denial of Service Condition exists in Fore/Marconi ASX Switches
    - ----------------------------------------------------------------------
    - -

    Author: Keith Pachulski, PenTeleData Network Security Team

    Tested: Condition was tested and verified on ASX-1000 switches
    running ForeThought6.2 software.

    Problem: When an ASX switch receives a crafted packet with certain
    attributes in the packet, the ASX switch telnetd and/or httpd will
    enter into a close wait state and refuse telnet and web interface
    management connections until the switch is reloaded. Which service to
    enter into the close wait state depends on which service was
    targeted. If both telnet and web are targeted, the switch will become
    unresponseive to all remote management. The switch will need to be
    physically power cycled to allow for management. The attack does not
    hinder the switches ability to operate though, it only refuses
    connections for remote management.

    Vulnerability: A combination of SYN-FIN and More Fragments will cause
    the remote management service to enter into a close_wait state until
    the switch is power cycled.

    Workaround: Filter all traffic destined to the switches for remote
    management. There is no vendor supplied patch or code upgrade as of
    this writing for the Denial of Service condition. The vendor has been
    notified and is aware of this condition in the device.

    Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

    -----END PGP SIGNATURE-----