[20058] in bugtraq
Re: BinTec X4000 Access Router DoS Vulnerability
daemon@ATHENA.MIT.EDU (Stephan Holtwisch)
Fri Apr 6 14:08:11 2001
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Message-ID: <5.0.2.1.1.20010406165355.02eaae28@proxy.immutec.com>
Date: Fri, 6 Apr 2001 17:17:03 +0200
Reply-To: Stephan Holtwisch <sh@IMMUTEC.COM>
From: Stephan Holtwisch <sh@IMMUTEC.COM>
X-To: jan@HUNDERT6.DE
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <XFMail.010404175249.jan@hundert6.de>
Content-Transfer-Encoding: 8bit
At 17:52 04.04.2001 +0000, Jan Münther wrote:
>BinTec X4000 locks up after nmap -sS portscan
In fact it has some other stupid "habits" as well.
If you send lots of small UDP packets over the
link (a customer did this with a stub resolver),
it constantly had 5-10% packet loss. As far as
I see it, it is a memory management problem.
You will find this kind of behaviour in various
firmwares concerning NAT, IP Accounting etc.
>I have contacted BinTec on the 12th of March, informing them of the
>problem. One day later I received an answer in which they told me they
>were going to try and verify the phenomenon with a test setup. Despite
>offering them further information and assistance, I was yet to hear
>anything from them.
This sounds familiar...
>I have not heard anything from them ever since. I consider the fact
>that they have a problem with their products which even they describe as
>'escalating' and were not able to clarify it within more than 20 days
>somewhat disturbing. What bothers me even more is the kind of
>information policy. I thought we were behind the
>security-through-obscurity phase.
On the other hand, if one reads the BinTec mailing list,
one gets the impression that "reliability" and "security"
are not much of an issue with BinTec but just "price".
Stephan
--
Stephan Holtwisch - sh@immutec.com
Geschäftsführung
immutec GmbH - Mendelstraße 11 - 48149 Münster
Tel: +49(0)251/980-1230 - Fax: +49(0)251/980-1231
www.immutec.com - info@immutec.com