[8800] in bugtraq
3COM Documentation backdoors in CB3500
daemon@ATHENA.MIT.EDU (Pedro Ribeiro)
Wed Dec 23 19:04:19 1998
Date: Wed, 23 Dec 1998 17:22:27 -0000
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Pedro Ribeiro <pribeiro@ISEL.PT>
To: BUGTRAQ@NETSPACE.ORG
This is a "report" i'v sent to 3com some days ago.
>While evaluating the 3com layer3 switch Corebuilder 3500 i'v detected while
>reading the "CoreBuilder 3500 Implementation Guide V2.0.0, PN:10011376"
that
>several examples given in the Packet Filtering Chapter 10 have serious
>"security mistakes".
>ALL the exemples of packet filtering of IP packets based on UDP/TCP ports
>information are wrong, simple because are assumed that the transport header
>fallows the basic IP header, witch isn't always true because beetwen the
>basic IP header and the transport layer header, a variable amount of IP
>options can appear.
>We can't simply index to position 24?? of the ethernet frame to get the
>transport layer port information, this is only true if there are no options
>fallowing the IP header.
>Pages that i found given wrong ideas/exemples about this subject: From 198
till 206
>Conclusion: Using this packet filtering syntax it isn't possible to filter
>packets based in information that appears in variable positions in the MAC
>frames.
>3Com is saying that this "Packet Filtering" feature makes thinks that he
>don't do.
>PS: I'v also reported this to the 3Com local representative.
>I'm i wrong ?
[]---------------------------------------------------------------[]
Pedro Ribeiro
Online: http://www.isel.pt/~pribeiro/
IRC(PTnet) Nick: PAntMaR
e-Mail: Personal: pribeiro@isel.pt
Admin: admin@isel.pt
[]---------------------------------------------------------------[]