Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Verizon's phone rings off the hook with IPv6 questions
Cisco, Verizon power massive IP net at new Meadowlands stadium
Only 5 (all women) of 135 pass Defcon social engineering test
Disk storage still bouncing back, IDC says
Security program automatically tracks down missing patches
Cloud Security Alliance offers certification
Latest Skype beta offers group video calls for 10
The future of human-computer interaction
As Earl looms, tips to batten down IT
Botnet takedown may yield valuable data
Microsoft finalizes Windows Phone 7 code for fall release
Cisco buys wireless smart grid company
VMware customers cast a wary glance at Microsoft's virtualization tools
Hosted service promises to protect corporate documents on smartphones
IBM X-Force backs-off Google as major patch offender
/

Security glitch hits Foundry switches

Today's breaking news
Send to a friendFeedback

By Jim Duffy
Network World, 03/06/00

SUNNYVALE, CALIF. - A security problem has cropped up in Foundry Networks' ServerIron switches that make the devices susceptible to denial-of-service attacks.

According to an advisory posted on the BUGTRAQ mailing list, Foundry's implementation of TCP/IP lets attackers easily predict the sequence of data streams and spoof or hijack sessions. By spoofing sessions, attackers can flood ServerIron switches with bogus data, thereby denying service to legitimate traffic. The switches also expose the IP address predictability of attached hosts and servers, the advisory states.

BUGTRAQ is an independent mailing list in which users discuss security and quality issues. ServerIron switches are used to balance traffic loads between Web servers.

According to the advisory, ServerIron is vulnerable because its management IP address exposes the product's "rather poor" TCP/IP implementation.

"The predictability exposes sideband information about when the switch is being used by other [possibly legitimate] users," the advisory states.

The advisory was posted by Andrew van der Stock, security architect for e-Secure in St. Leonards, Australia. He declined to comment further on his post. As a workaround, his advisory suggests users filter off telnet, HTTP and SNMP access to the Foundry devices to only trusted management IP addresses. "Better yet," the advisory states, "disable SNMP and the Web interface and completely filter off telnet access. Remote management access is then only available via serial console."

Foundry's solution: Apply the fix posted on its Web site late last week.

Foundry says it has not received any reports from customers who have been hit with denial-of-service attacks due to the glitch. Some Foundry users contacted by Network World last week concurred, but were taking precautions nonetheless.

"I'm dealing with my contacts at Foundry to discuss what they're doing about it and what the potential side effects are," says Yoshio Kurtz, director of development at Proflowers. com. "I'm concerned about it, but if I knew everything that could be wrong with my car, I'd be concerned about that, too."

Stefan Silverman, master technologist at e-business integrator Scient in San Francisco, says the advisory is an over-reaction. "The exposure of the management interface or telnet interface to the entire world is the default configuration of every router or switch I've ever used. It's a much wider problem than just Foundry." Silverman was prompted by Foundry to call Network World.

RELATED LINKS


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.