[9555] in bugtraq
Re: PPP/ISDN multilink security issue - summary
daemon@ATHENA.MIT.EDU (Marco S Hyman)
Sat Feb 13 16:25:38 1999
Date: Sat, 13 Feb 1999 00:03:17 -0800
Reply-To: Marco S Hyman <marc@SNAFU.ORG>
From: Marco S Hyman <marc@SNAFU.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Fri, 12 Feb 1999 09:14:12 PST."
<000101be56ab$1c5ff680$021d85d1@whenever.youwant.to>
David Schwartz writes:
> Ascend has stated (unofficially) that their implementation was at one point
> insecure, and relied upon the TEI or EDO (endpoint identifier) to make the
> decision. This is in violation of standards. They state that their
> implementation has been secure for about three years and will not bond two
> connections together unless they authenticate with the same username.

1) TEI is an ISDN thing. Perhaps you have confused the ISDN term TEI
(Terminal Endpoint Identifier) with the PPP term Endpoint Discriminator.
They are NOT the same thing. The PPP code knows nothing about the ISDN
TEI. It can't as PPP is not dependent upon ISDN.

2) Ascend code would add a link to an existing bundle if the Endpoint
Discriminator matched AND the link was authenticated. The bug
was that the authenticated user did not have to match the bundle's
user. Yes, that was incorrect. Yes, it would cause a DoS. However,
since the caller causing the DoS had to be authenticated (and was
logged) it was easy to see who was causing problems and trivial to
disable that login. But it's good to hear that the problem has
been fixed.

// marc
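
Added example, not part of the original message and not Ascend's code: a sketch in C of the bundle-join decision described in point 2, with the Endpoint-Discriminator-only check beside the check that also compares the authenticated username. All struct names, function names and sample values are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical structures for illustration only. */
struct ed     { unsigned char cls, len, addr[20]; };   /* Endpoint Discriminator */
struct bundle { struct ed peer_ed; char user[32]; int nlinks; };
struct link   { struct ed peer_ed; char user[32]; int authenticated; };

static int ed_equal(const struct ed *a, const struct ed *b)
{
    return a->len <= sizeof a->addr && a->cls == b->cls &&
           a->len == b->len && memcmp(a->addr, b->addr, a->len) == 0;
}

/* Behaviour the post describes: ED matches and the link is authenticated,
 * but the authenticated name is never compared with the bundle's user. */
struct bundle *join_ed_only(struct bundle *tbl, size_t n, const struct link *l)
{
    if (!l->authenticated)
        return NULL;
    for (size_t i = 0; i < n; i++)
        if (tbl[i].nlinks > 0 && ed_equal(&tbl[i].peer_ed, &l->peer_ed))
            return &tbl[i];
    return NULL;
}

/* Corrected decision: ED and authenticated username must both match. */
struct bundle *join_ed_and_user(struct bundle *tbl, size_t n, const struct link *l)
{
    if (!l->authenticated)
        return NULL;
    for (size_t i = 0; i < n; i++)
        if (tbl[i].nlinks > 0 && ed_equal(&tbl[i].peer_ed, &l->peer_ed) &&
            strcmp(tbl[i].user, l->user) == 0)
            return &tbl[i];
    return NULL;   /* caller starts a new bundle for this user */
}

int main(void)
{
    /* Constructed sample data: one bundle and a second login reusing its ED. */
    struct ed e = { 3, 6, { 0x00, 0x10, 0x5a, 0x01, 0x02, 0x03 } };
    struct bundle tbl[1] = { { e, "userA", 1 } };
    struct link other = { e, "userB", 1 };
    printf("ED only: %s\n", join_ed_only(tbl, 1, &other) ? "joined userA's bundle" : "new bundle");
    printf("ED+user: %s\n", join_ed_and_user(tbl, 1, &other) ? "joined userA's bundle" : "new bundle");
    return 0;
}
```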