
Denial of Service Vulnerability on my XG17 device after a scan

My IDS is up to max.


Denial of Service: stream.c
Description
general/tcp

Description:

It seems it was possible to make the remote server crash using the 'stream.c' 
attack. 

An attacker may use this flaw to shut down this server, thus preventing 
your network from working properly.

Solution : contact your operating system vendor for a patch.
Workaround : if you use IP filter,
then add these rules :

block in quick proto tcp from any to any head 100
pass in quick proto tcp from any to any flags S keep state group 100
pass in all

Reference : online.securityfocus.com/.../42729
Reference : online.securityfocus.com/.../42723

Risk factor : Medium

CVSS Score:
2.1

Denial of Service: Ascend Kill
Description
9/udp

Description:
It was possible to make
the remote Ascend router reboot by sending
it a UDP packet containing special data on
port 9 (discard).

An attacker may use this flaw to make your
router crash continuously, preventing
your network from working properly.

Solution : filter the incoming UDP traffic coming
to port 9. Contact Ascend for a solution.

Risk factor : Medium

CVSS Score:
5.0
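As an added illustration of what the report's IP Filter workaround does (this is example code, not part of the original post or of the scanner's text): the old 'stream.c' tool flooded a host with TCP segments that belong to no established connection, and the three rules quoted above block every inbound TCP segment except a bare SYN, which opens a state entry that then lets the rest of that connection through. The Python below simulates those three rules, plus an assumed extra rule dropping UDP to port 9 for the Ascend finding (the report only says "filter the incoming UDP traffic coming to port 9"; the ipf syntax in the comment is my assumption). The addresses, the `Packet` class, `StatefulFilter` and `run_simulation` are all constructed for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One inbound packet as the filter sees it (constructed sample data)."""
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # TCP flag letters, e.g. "S" (bare SYN), "A" (ACK), "PA"


class StatefulFilter:
    """Models the three IP Filter rules in the report plus one assumed UDP rule.

    Rule order as in the report:
      block in quick proto tcp from any to any head 100
      pass  in quick proto tcp from any to any flags S keep state group 100
      pass  in all
    The 'head 100' / 'group 100' pairing makes the flags-S rule an exception
    consulted inside the TCP block rule, and 'keep state' passes later packets
    of any connection that a bare SYN has opened.
    """

    def __init__(self, block_udp_discard: bool = False):
        # 4-tuples of connections opened by an inbound bare SYN ("keep state")
        self.state: set[tuple[str, int, str, int]] = set()
        # Assumed extra rule for the Ascend finding (not in the report's rule set):
        #   block in quick proto udp from any to any port = 9
        self.block_udp_discard = block_udp_discard

    def inbound(self, pkt: Packet) -> str:
        """Return "pass" or "block" for one inbound packet."""
        if self.block_udp_discard and pkt.proto == "udp" and pkt.dport == 9:
            return "block"
        if pkt.proto == "tcp":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key in self.state:
                return "pass"           # existing state: part of an opened connection
            if pkt.flags == "S":
                self.state.add(key)     # a bare SYN is the only way to open state
                return "pass"
            return "block"              # every other TCP segment hits the block rule
        return "pass"                   # "pass in all" for everything that is not TCP


def run_simulation(flood_size: int = 1000) -> dict:
    """Feed a constructed traffic sample through the filter and count the outcomes."""
    fw = StatefulFilter(block_udp_discard=True)
    counts = {"legit_passed": 0, "flood_blocked": 0, "flood_passed": 0,
              "udp9_blocked": 0, "other_udp_passed": 0}

    server = "203.0.113.5"
    # A legitimate client: SYN, then ACK and a data segment on the same 4-tuple
    for flags in ("S", "A", "PA"):
        if fw.inbound(Packet("tcp", "192.0.2.10", 40000, server, 80, flags)) == "pass":
            counts["legit_passed"] += 1

    # A stream of ACK segments from ever-changing sources; none of them has state
    for i in range(flood_size):
        src = f"198.51.100.{i % 254 + 1}"
        verdict = fw.inbound(Packet("tcp", src, 1024 + i, server, 80, "A"))
        counts["flood_blocked" if verdict == "block" else "flood_passed"] += 1

    # UDP to the discard port (the Ascend finding) versus an ordinary DNS reply
    if fw.inbound(Packet("udp", "198.51.100.9", 53123, server, 9)) == "block":
        counts["udp9_blocked"] += 1
    if fw.inbound(Packet("udp", "192.0.2.53", 53, server, 33000)) == "pass":
        counts["other_udp_passed"] += 1
    return counts


if __name__ == "__main__":
    for name, value in run_simulation().items():
        print(f"{name}: {value}")
```

Running it shows the three legitimate segments passing, all 1000 connectionless ACK segments blocked, UDP/9 dropped and other UDP untouched. The point for a firewall appliance is the one Ian makes below: a stateful default-drop policy already behaves like these rules, so the finding matters to the host that terminates the TCP stream, not to the device scanning it.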


  • Hi Rick,

    these appear to have more to do with your internet-facing router/modem than the XG. There is nothing there that points at the XG, only at Ascend.

    Unless you have port 9 open for some reason, by default it would be dropped by the XG so adding another drop firewall rule is not going to help.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • How about:

    Denial of Service: stream.c


    The first one...that seems kind of generic and not addressing ASCEND. 

    If you are using default IPS then that covers the settings. It also appears to be aimed at a server that has to process the stream, not at a firewall that will scan the stream if it passes the various checks of the firewall.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • That makes sense, thank you.


    It's just weird that IDS didn't stop it (and it's maxed out at 7k signatures). 

  • Hi Rick,

    let us hope that one of the mods with more experience in the IPS field reads your answer/question and can provide a more detailed answer.

    Ian

    As a matter of interest, having all the IPS signatures does not improve your security. They are designed for various systems, and if you are not running a mail server, Linux server, etc., having those signatures does nothing for your network security.

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.
