Re: (ASCEND) In Defense Of Ascend...

To: jshaw@insync.net (Joe Shaw)
Subject: Re: (ASCEND) In Defense Of Ascend...
From: tqbf@secnet.com
Date: Wed, 18 Mar 1998 17:41:02 -0600 (CST)
Cc: tqbf@secnet.com, ascend-users@bungi.com
In-Reply-To: <Pine.SOL.3.96.980318161814.6072E-100000@vellocet.insync.net> from Joe Shaw at "Mar 18, 98 05:16:04 pm"
Reply-To: tqbf@secnet.com
Sender: owner-ascend-users@max.bungi.com

> No, you can't with a cisco.  However, anyone who had half a brain and
> about 15 minutes could have breezed through the SEC - Security supplement
> part of their manual and read about what needed to be done to SNMP.  I

The SNMP-to-operator equivalence breaks the security model of the Ascend
interface, too --- you don't need "Full access", or "Edit Security"
access, to see the SNMP communities in the Ethernet/Mod Config menu. Using
SNMP, "Edit System" access can be parlayed into complete operator access.

Perhaps that's a known fact, but it was one of the motivating factors for
including the issue in the advisory. I agree, the major issue was the port
9 reset-the-router bug.

-----------------------------------------------------------------------------
Thomas H. Ptacek			     		Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf				"mmm... sacrilicious"

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

References:

Re: (ASCEND) In Defense Of Ascend...

From: Joe Shaw <jshaw@insync.net>

Prev by Date: Re: (ASCEND) P25 hash codes
Next by Date: (ASCEND) Has anyone gotten NavisAccess to work seemlessly with HP Openview
Prev by thread: Re: (ASCEND) In Defense Of Ascend...
Next by thread: Re: (ASCEND) In Defense Of Ascend...
Index(es):
- Main
- Thread