Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Apple tops the $100B+ tech club
How to get the IRS' attention: Forge nearly $8 million in tax returns, steal identities
How the Phoenix Suns basketball team takes on social media attacks
Microsoft details Windows 8 for ARM devices
Blogger exposes major Google Wallet security flaw
Web app lets enterprise set security, sharing for Google Apps users
Cloudscaling to offer OpenStack private cloud platform
Macs take on the enterprise
Valentine's Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
Mobile World Congress sneak peek: Quad-core smartphones, Ice Cream Sandwich & more
Microsoft details 'Windows on ARM' program
March debut of 'iPad 3' a sure bet, says analyst
Resume Makeover: How an Information Security Professional Can Target CSO Jobs
FBI unbolts Steve Jobs 1991 investigation file
/

Security glitch hits Foundry switches

Today's breaking news
Send to a friendFeedback

By Jim Duffy
Network World, 03/06/00

SUNNYVALE, CALIF. - A security problem has cropped up in Foundry Networks' ServerIron switches that make the devices susceptible to denial-of-service attacks.

According to an advisory posted on the BUGTRAQ mailing list, Foundry's implementation of TCP/IP lets attackers easily predict the sequence of data streams and spoof or hijack sessions. By spoofing sessions, attackers can flood ServerIron switches with bogus data, thereby denying service to legitimate traffic. The switches also expose the IP address predictability of attached hosts and servers, the advisory states.

BUGTRAQ is an independent mailing list in which users discuss security and quality issues. ServerIron switches are used to balance traffic loads between Web servers.

According to the advisory, ServerIron is vulnerable because its management IP address exposes the product's "rather poor" TCP/IP implementation.

"The predictability exposes sideband information about when the switch is being used by other [possibly legitimate] users," the advisory states.

The advisory was posted by Andrew van der Stock, security architect for e-Secure in St. Leonards, Australia. He declined to comment further on his post. As a workaround, his advisory suggests users filter off telnet, HTTP and SNMP access to the Foundry devices to only trusted management IP addresses. "Better yet," the advisory states, "disable SNMP and the Web interface and completely filter off telnet access. Remote management access is then only available via serial console."

Foundry's solution: Apply the fix posted on its Web site late last week.

Foundry says it has not received any reports from customers who have been hit with denial-of-service attacks due to the glitch. Some Foundry users contacted by Network World last week concurred, but were taking precautions nonetheless.

"I'm dealing with my contacts at Foundry to discuss what they're doing about it and what the potential side effects are," says Yoshio Kurtz, director of development at Proflowers. com. "I'm concerned about it, but if I knew everything that could be wrong with my car, I'd be concerned about that, too."

Stefan Silverman, master technologist at e-business integrator Scient in San Francisco, says the advisory is an over-reaction. "The exposure of the management interface or telnet interface to the entire world is the default configuration of every router or switch I've ever used. It's a much wider problem than just Foundry." Silverman was prompted by Foundry to call Network World.

RELATED LINKS


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.