Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(ASCEND) Win Nuke filtering doesn't work on MAX4000
Hi,
Our customers are experimenting nuke attacks very often.
We have a MAX4000 E1, load 6.0.2 - femk.40.
I visited a FAQ page from Ascend, and tried the filters indicated, EXACTELY
as shown:
------------ BEGIN OF FAQ -----------------
Question:
How do I protect my network against Win Nuke attacks?
Answer:
To protect your network against Win Nuke attacks, all you need
to do is to add a simple data filter to your ethernet port of
your Ascend MAX/Pipeline unit.
Create a new filter profile with the following properties:
Under Out Filter 01 -
Valid=Yes
Type=IP
IP... -
Forward=No
Protocol=6
Dest Port Cmp=Eql
Dest Port #=139
Out filter 02 -
Valid=Yes
Type=IP
IP... -
Forward=Yes
In filter 01 -
Valid=Yes
Type=IP
IP... -
Forward=Yes
Under the Ethernet -> Mod Config -> Ether Options... menu:
Set Filter = 1 (or whichever filter profile you use)
----------------- END OF FAQ ---------------
Unfortunately, in a few minutes after starting those filters, the MAX
STOPPED TO RESPOND to all types of TCP/IP requests, from telnet to ping! I
had to access it via console, as LAN was inaccessible.
I talked to a friend that adviced me that there's a bug in Ascend filtering:
when one filters UDP (in my case, I was just trying ICMP filtering), the ARP
table becomes "full" (or something like), and the TCP stack becomes
unusable.
What am I doing wrong?
If this fails, how to avoid Win Nuke?
Regards,
Ricardo
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
Follow-Ups: