Re: (ASCEND) news.com - Ascend Kill Article

To: Mike Jackson <mhjack@tscnet.com>
Subject: Re: (ASCEND) news.com - Ascend Kill Article
From: Jason Nealis <nealis@babylon.erols.com>
Date: Wed, 18 Mar 1998 03:24:03 -0500 (EST)
cc: ascend-users@bungi.com
In-Reply-To: <Pine.LNX.3.95.980317222039.14603B-100000@tscnet.com>
Sender: owner-ascend-users@max.bungi.com


On Tue, 17 Mar 1998, Mike Jackson wrote:

> 
> 
> On Tue, 17 Mar 1998, Jason Nealis wrote:
> 
> > 
> >  This is amazing, Why in the hell would they sit on it. This really
> > amazes me, I remember the last time something like this happened, It took
> > forever to get a fix. Please explain to me why you would use anything on
> > the discard port.

> 	Yes, this is a good point.  According to the date that I hear that
> Ascend knew about the problem, there would appear to have been time to get
> a fix at least in code that was released since that date.  The 2.0.0 TNT
> code is not very old, and it's got the problem..

 Exactly., Lets be real here, Ascend is not ever going to come out 
and say yes, We knew about the problem, but we didn't say anything. But.
Like I said before these guys have tons of engineering talent that 
some should be looking for these types of holes, Plain and simple.

> 
> > Ya know, Things were just getting stable, but hell, thats out the window
> > now. And one more thing, I wouldn't be pissed if 1 time I could learn
> > of exploits like this from Ascend, and not the damn users group.
> > 
> 
> 	I'm not particularly impressed by Ascend's response, both
> politically and technically.

I agree, They have never had the aggressive response that some of the other
vendors have had in regards to denial of service attacks, I look forward
to the day when they release a patch release that day. Tell me, How hard
is it just to turn off the port. Hell look at Port 150, This problem
let people bounce a box by attaching to the 150 port, All ascend had to do
was turn off the port, It took almost a month for that to happen.


Politically, instead of being truthful and promising a quick fix,
> they seemed to point the finger back at Secure Networks for letting the
> cat out of the bag.
> 
> 	Technically, they should have scrambled to design filters (for all
> platforms with detailed instructions for installing them) and we should
> have seen software upgrades available by now.

Agreed.


Jason Nealis
Direcotr Internet Operations 
Network Access 
Erols Internet

> 
> 	Also, I'm suprised that, what among all the undocumented commands
> within the Ascend Max TNT, that there isn't one to turn off admin selected
> UDP ports.  At this point, I'd like to know what all the other UDP ports
> in the thing are for..  There sure are a lot of them..  Use the
> (undocumented) 'ipportmap -m' command to see the ports..  Hey, where is 
> port 9?  Now that's interesting..  So there could be MORE?  Was Ascend
> hiding something here?
> 
> 					Mike Jackson
> 					TSCNet
> 
> 
> ++ Ascend Users Mailing List ++
> To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
> To get FAQ'd:	<http://www.nealis.net/ascend/faq>
> 

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

References:

Re: (ASCEND) news.com - Ascend Kill Article

From: Mike Jackson <mhjack@tscnet.com>

Prev by Date: Re: (ASCEND) Ascend Kill II - perl version
Next by Date: Re: (ASCEND) Ascend Router SNMP Security Issues [Q]
Prev by thread: Re: (ASCEND) news.com - Ascend Kill Article
Next by thread: (ASCEND) Ascend Kill II - perl version
Index(es):
- Main
- Thread