I have blocked telnet access to the Class C which my arcs site on as a temporary fix ... ----- Original Message ----- From: Ed Taylor <ed@taylors.com> To: <usr-tc@lists.xmission.com> Sent: Friday, August 13, 1999 7:50 PM Subject: (usr-tc) HiperARC - Dangerous HiperBomb
For HiperBomb code check out:
http://www.securityfocus.com/templates/archive.pike?list=1
It is very serious and reboots the HiperArc's from anywhere.
Ed
---------- Original Message ---------------------------------- From: "Jamie Orzechowski" <mhz@ripnet.com> Reply-To: usr-tc@lists.xmission.com Date: Fri, 13 Aug 1999 19:03:36 -0400
Just reading my Securityfocus email list and attacked was a new "Remote HiPER ARC nuking program"
I have the source if anyone cares to have it ...
----- Original Message ----- From: Jonathan Chapman <jchapman@1ST.NET> To: <BUGTRAQ@SECURITYFOCUS.COM> Sent: Thursday, August 12, 1999 6:10 PM Subject: 3com hiperarch flaw [hiperbomb.c]
Hello,
The attached program will reboot a 3com HiperARC. I made an attempt to contact 3com before posting this report, however, I received no response. By flooding the telnet port of a 3com HiperARC using the provided program, the HiperARC unconditionally reboots. This program is effective over all interfaces, including a dialup.
Regards,
Jonathan Chapman Director of Network Security FIRST Incorporated jchapman@1st.net www.1st.net
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Thus spake Jamie Orzechowski
I have blocked telnet access to the Class C which my arcs site on as a temporary fix ...
Another possible fix (I assume...haven't tested for sure) would be to disable the telnet service....that has the obvious side affect of making them unavailable to network management via the CLI though...If you can get by with SNMP management, that could work...just remember my previous notice about elevated SNMP access if you have multiple access levels defined on the Arc's SNMP agent. Best bet I guess would be to relay SNMP requests via the NMC...slows things down, but is the securest method at this point I 'spect. -- Jeff McAdams Email: jeffm@iglou.com Head Network Administrator Voice: (502) 966-3848 IgLou Internet Services (800) 436-4456 - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
participants (2)
-
Jamie Orzechowski -
Jeff Mcadams