This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Denial of Service Vulneribility on my XG17 device after a scan

My IDS is up to max.

Denial of Service: stream.c

Description

general/tcp

Description:

It seems it was possible to make the remote server crash using the 'stream.c'
attack.

An attacker may use this flaw to shut down this server, thus preventing
your network from working properly.

Solution : contact your operating system vendor for a patch.
Workaround : if you use IP filter,
then add these rules :

block in quick proto tcp from any to any head 100
pass in quick proto tcp from any to any flags S keep state group 100
pass in all

Reference : online.securityfocus.com/.../42729
Reference : online.securityfocus.com/.../42723

Risk factor : Medium

CVSS Score:
2.1

Denial of Service: Ascend Kill

Description

9/udp

Description:
It was possible to make
the remote Ascend router reboot by sending
it a UDP packet containing special data on
port 9 (discard).

An attacker may use this flaw to make your
router crash continuously, preventing
your network from working properly.

Solution : filter the incoming UDP traffic coming
to port 9. Contact Ascend for a solution.

Risk factor : Medium

CVSS Score:
5.0

This thread was automatically locked due to age.

0 rfcat_vk over 7 years ago

Hi Rick,

these appear to more to do with your internet facing router/modem than the XG. There is nothing there that points the XG, only at Ascend.

Unless you have port 9 open for some reason, by default it would be dropped by the XG so adding another drop firewall rule is not going to help.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 Pickle Rick over 7 years ago in reply to rfcat_vk

How about:

Denial of Service: stream.c

The first one...that seems kind of generic and not addressing ASCEND.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 7 years ago in reply to Pickle Rick

If you are using default IPS then that covers the settings. Also appears to be aimed at a server which has to process the stream not at a firewall that will scan the stream if it passes the various checks of the firewall.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 Pickle Rick over 7 years ago in reply to rfcat_vk

That makes sense, thank you.

It's just weird that IDS didn't stop it (and it's maxed out at 7k signatures).
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 7 years ago in reply to Pickle Rick

Hi Rick,

let us hope that one of the mods with ore experience in the IPS field reads your answer/question and can provide a more detailed answer?

Ian

As a mater of interest having all the IPS signatures does not improve your security. They are designed for various systems and if you are not running mail server, linux server etc having those signatures does nothing for your network security.
Cancel
Vote Up 0 Vote Down

Cancel