[9495] in bugtraq
Re: Security problems in ISDN equipment authentication
daemon@ATHENA.MIT.EDU (Josh Bailey)
Thu Feb 11 23:54:18 1999
Date: Thu, 11 Feb 1999 20:30:48 +0000
Reply-To: Josh Bailey <jbailey@ASCEND.COM.AU>
From: Josh Bailey <jbailey@ASCEND.COM.AU>
X-To: David Schwartz <davids@WEBMASTER.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <000001be554a$51cb9570$021d85d1@whenever.youwant.to>
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 10 Feb 1999, David Schwartz wrote:
> Ascend determines whether to bond a new incoming PPP connection with a
> previous connection based upon the 'endpoint identifier'. As I recall, they
> claimed that they had to do this because they had to decide whether to bond
> or not _before_ they received any other authentication information.
First off, I'm not speaking officially for Ascend. :-) If you want an
official assurance you should give our TAC a call and they will be able to
put you through to someone authoritative.
I spoke to two engineers involved in Ascend's MP implementation just now.
While indeed the behaviour you specified was true in pre 4.6 software
(current version is 7), this issue has been resolved by including
authentication information along with the client's given endpoint.
This has been the case for nearly three years now.
Nonetheless, if you believe there's still a problem, please open a ticket
with us (or just mail me) with the precise details on how to reproduce it.
Thanks,
- --
Josh Bailey (mailto:josh@ascend.com)
Principal Engineer (Access), APAC Voice: +61-3-9656-7000
Ascend Communications, Inc Fax: +61-3-9656-7006
Level 38, ANZ Tower, 55 Collins St Mobile: +61-417-128-921
Melbourne, Australia PGP: SEND FILE jbailey.asc
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBNsM9+syBE5tx+aP1AQEThQL9Fnc2Hp6FvJgXFM1fCMj43ZTI2zrqGGLQ
U+bM6cbsOssrX8tu977J/qLQ52H9T7a2Ns99lN0JtddzGipVNuuB2Mx2g9SrE5OI
7l65VqO2PCTof8tAoeLaWYHAwt8wM2GX
=Fztw
-----END PGP SIGNATURE-----
