Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Jan (janHUNDERT6.DE)
Date: Wed Apr 04 2001 - 12:52:49 CDT
BinTec X4000 locks up after nmap -sS portscan
The BinTec X4000 is a mid-sized multi-purpose, multi-protocol router
meant to fit the needs of small to medium companies. Unfortunately, it
has a bit of a problem.
A simple nmap SYN scan (nmap -sS) will cause
the machine to lock up completely. It can neither be accessed through
LAN nor through a serial connection or the built in, LCD-display-based
MMI (man-machine-interface). The only way of getting it back to life is
to pull the plug and put it back in.
I have contacted BinTec on the 12th of March, informing them of the
problem. One day later I received an answer in which they told me they
were going to try and verify the phenomenon with a test setup. Despite
offering them further information and assistance, I was yet to hear
anything from them.
After a subsequent ultra-necessary 14-day-holiday, I originally
expected the arrival of a message containig results. There was nothing,
So I phoned them up again, just to hear they've verified the problem
and handed it to their development staff. Asking why they didn't tell
me about this fact they replied the development staff never contacts
the customers directly. Also, in these cases the support staff contacts
the distribution partners and they contact their very own customers. So
I phoned my dealer and he phoned hist distributor, none of which was
informed, despite having submitted own requests for info after I told
them of the vulnerability.
I have not heard anything from them ever since. I consider the fact
that they have a problem with their products which even they decribe as
'escalating' and were not able to clarify it within more than 20 days
somewhat disturbing. What bothers me even more is the kind of
information policy. I thought we were behind the
As far as I know, every firmware version has the vulnerability, though
I've only verified this with 5.1.6 Patch 10 of the bootimage and
logicware 1.05. I've used nmap 2.53.
Ah, and before I forget it: BinTec has introduced a 4-week-money-back
warranty for the X4000 from April 1st onwards. Hardly a coincidence.
-- Radio HUNDERT,6 Medien GmbH Berlin - EDV - j.muentherradio.hundert6.de