[6328] in bugtraq
Re: SNI-26: Ascend Router Security Issues
daemon@ATHENA.MIT.EDU (Cyril Jaouich)
Tue Mar 17 17:52:56 1998
Date: Tue, 17 Mar 1998 15:33:11 -0500
Reply-To: Cyril Jaouich <twiggy@twiggy.spider.org>
From: Cyril Jaouich <twiggy@TWIGGY.SPIDER.ORG>
To: BUGTRAQ@NETSPACE.ORG
This is about the UDP bug found in Ascend products:
The fix posted by Ascend works but is not perfect, since it ONLY
works for IP traffic. If you put this filter on your Ethernet interface,
arp messages will stop being processed. This is caused by the second
filter condition that lets ONLY Ip thru. Below is the correct filter, it
is also good to put in the Output filter I've made.
Thanks
-----------------------
90-501 UDP Attack
-----------------
In filter 01
>Valid =Yes
Type = IP
Generic...
IP...
Ip...
>Forward = No
Src Mask = 0.0.0.0
Src Adrs = 0.0.0.0
Dst Mask = 0.0.0.0
Dst Adrs = 0.0.0.0
Protocol = 17
Src Port Cmp = None
Src Port # = N/A
Dst Port Cmp = Eql
Dst Port # = 9
TCP Estab = N/A
--
In filter 02
>Valid =Yes
Type = GENERIC
Generic...
IP...
Generic...
>Forward=Yes
Offset=0
Length=0
Mask=0000000000000000
Value=0000000000000000
Compare=Equals
More=No
-----------------
Out filter 01
>Valid =Yes
Type = IP
Generic...
IP...
Ip...
>Forward = No
Src Mask = 0.0.0.0
Src Adrs = 0.0.0.0
Dst Mask = 0.0.0.0
Dst Adrs = 0.0.0.0
Protocol = 17
Src Port Cmp = None
Src Port # = N/A
Dst Port Cmp = Eql
Dst Port # = 9
TCP Estab = N/A
--
Out filter 02
>Valid =Yes
Type = GENERIC
Generic...
IP...
Generic...
>Forward=Yes
Offset=0
Length=0
Mask=0000000000000000
Value=0000000000000000
Compare=Equals
More=No
-----------------
Cyril Jaouich [CJ837]
---------------------
ACC DATA OPERATIONS EASTERN CANADA
----------------------------------
