[Ascend] (ASCEND) Re: Exploits or other for MAX's

[Peter Lalor]

>From: Anssi Sallinen <anssi.sallinen at jippiigroup.com>
>
>I just had a chat with our head of corporate security and we wondered
>off to the subject of the security of our Ascend/Lucent equipment.
>
>Are there any known exploits or dos-tools running around designed
>to penetrate or knock-out MAX's? I'd appriciate any information on
>the subject.

Maxen used to be vulnerable to Ping-of-Death, but this was fixed many 
releases ago. Sorry, can't recall which release exactly, but suffice 
to say if you're still running a vulnerable version you deserve what 
you get. ;-)

Recent TAOS releases have SYN-flood protection, and this should be 
turned on. It will report to syslog when it's triggered.

Last week we had a a DSL Terminator 100 running 8.0.3 start crashing 
furiously. After much effort and peering at traces this was traced to 
UDP packets hitting a route to rj0 in the Terminator. Apparently, the 
Terminator was dying trying to send Host Unreachable. We're not yet 
sure if this is a deliberate exploit or just a bug that some new 
traffic suddenly triggered. We've reported it to Lucent and CERT, but 
no response from either yet. Changing the rj0 routes to bh0 is an 
effective workaround. If this does turn out to be an exploit, I'll 
report it here.
-- 

Peter Lalor           Infoasis
plalor at infoasis.com   http://www.infoasis.com/

"Where's my burrito?" -- Homer
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request at bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>