[8800] in bugtraq

home help back first fref pref prev next nref lref last post

3COM Documentation backdoors in CB3500

daemon@ATHENA.MIT.EDU (Pedro Ribeiro)
Wed Dec 23 19:04:19 1998

Date: 	Wed, 23 Dec 1998 17:22:27 -0000
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Pedro Ribeiro <pribeiro@ISEL.PT>
To: BUGTRAQ@NETSPACE.ORG

This is a "report" i'v sent to 3com some days ago.

>While evaluating the 3com layer3 switch Corebuilder 3500 i'v detected while
>reading the "CoreBuilder 3500 Implementation Guide V2.0.0, PN:10011376"
that
>several examples given in the Packet Filtering Chapter 10 have serious
>"security mistakes".

>ALL the exemples of packet filtering of IP packets based on UDP/TCP ports
>information are wrong, simple because are assumed that the transport header
>fallows the basic IP header, witch isn't always true because beetwen the
>basic IP header and the transport layer header, a variable amount of IP
>options can appear.

>We can't simply index to position 24?? of the ethernet frame to get the
>transport layer port information, this is only true if there are no options
>fallowing the IP header.

>Pages that i found given wrong ideas/exemples about this subject: From 198
till 206

>Conclusion: Using this packet filtering syntax it isn't possible to filter
>packets based in information that appears in variable positions in the MAC
>frames.
>3Com is saying that this "Packet Filtering" feature makes thinks that he
>don't do.

>PS: I'v also reported this to the 3Com local representative.
>I'm i wrong ?


[]---------------------------------------------------------------[]
  Pedro Ribeiro
  Online: http://www.isel.pt/~pribeiro/
  IRC(PTnet) Nick: PAntMaR
  e-Mail: Personal:  pribeiro@isel.pt
          Admin:     admin@isel.pt
[]---------------------------------------------------------------[]

home help back first fref pref prev next nref lref last post