[17905] in bugtraq
Re: Cisco 675 Denial of Service Attack
daemon@ATHENA.MIT.EDU (Popsite)
Mon Dec 4 14:36:34 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <005301c05cc7$2d9a2d20$0300a8c0@009.popsite.net>
Date: Sat, 2 Dec 2000 17:20:08 -0800
Reply-To: Popsite <calvin@LAKEWOODPRES.ORG>
From: Popsite <calvin@LAKEWOODPRES.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
I suspect that Chuck is a longstanding Q/USWest DSL customer, and according
underestimates the severity of the impact on Qwest.net. Qwest (then USWest)
has been delivering DSL for about 2.5 years now. I was the first customer
in my CO to get hooked up. I had the original Netspeed in bridge mode.
Soon after that Cisco bought out Netspeed and started shipping the units
with a Cisco 675 nameplate, but otherwise untouched internally (open up a
Rev 1.4 model and see the Netspeed ASIC). Then came the Rev 2.X models,
which is the vast majority of the current installed base, since Q/USWest
shipped the 2.0 models out as free replacements to all existing customers,
and mine was still used in bridge mode. A year after the initial
installation, I moved and my new installation (with USWest.net) went in as
PPP mode. So, for the last 18+ months Q/USWest.net installations have been
installed in PPP mode, and Q/USWest has been pushing the PPP mode to all
ISP's, though it is not a requirement (yet). I am certain that suggesting
that 99% of Q/USWest.net customers are in bridge mode is inaccurate. If
anything, 99% are in PPP mode. Mostly only original (first 6-12 months of
availability) customers would still be in bridge mode.
CRC
----- Original Message -----
From: "poke" <poke@OLY.SILVERLINK.NET>
Sent: Friday, December 01, 2000 12:14 PM
Subject: Re: Cisco 675 Denial of Service Attack
> QWest DSL (of which I am a customer/user) uses the 675 in bridging mode
> (in fact that is how it was delivered). AFIK it can be affected by traffic
> about as much as a dumb hub can. However, you can make it active, give it
> an IP address etc if you want to use it's NAT or WebAdmin capabilities.
> Then you are vulnerable... 99% of those QWest customers who use the 675
> probably wouldn't have a clue or a reason to change this.
>
> -Chuck
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> :"Condense fact from the vapor of nuance"| $s=$ARGV[0];$n='';while($s) :
> : 25 -> ten.knilrevlis@wkcuhc | {$s=~s/(.$)//;$n=$n.$1;} :
> : 80 -> ekop/ten.knilrevlis.www//:ptth | print "$n\n"; :
> ----------------------------------------------------------------------
> Organization is the destruction of truth...
>
