<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: RE: BUG: crasher, pkcipe?
From: ewheeler,AT,kaico,DOT,com
Date: Tue, 15 Jan 2002 00:54:31 +0100
In-reply-to: <20020114081631.B13112@amavi.com>

As I understand the crash bug, it can be exploited from anywhere, and
because it is udp, spoofing the source would be trivial.

The quickest fix for the moment would be to use ipchains/tables to drop
packets destined to your machine on your CIPE ports which come from
anywhere but trusted sources.  Unfortunately, the sources can still be
spoofed, so it would have to be someone who knows what your trusted ip's
are in order to be successful in an attack.

iptables -A INPUT -j ACCEPT -s  x.x.x.x -p udp --destination-port xxx
iptables -A INPUT -j ACCEPT -s  x.x.x.x -p udp --destination-port xxx
iptables -A INPUT -j ACCEPT -s  x.x.x.x -p udp --destination-port xxx
...
iptables -A INPUT -j DROP -p udp --destination-port xxx

where xxx is your cipe port, and x.x.x.x are trusted ip's.

That should secure you a little bit :)

--Eric

On Mon, 14 Jan 2002 chanlon-list,AT,gx,DOT,ca
wrote:

> Does anyone have more details on the cipe bug.  Does a connection
> need to be established for the problem to occur?  Could the problem
> happen accidentally or would someone need to exploit it
> intentionally?
> 
> Chris
> 
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: 
><URL:http://sites.inka.de/~bigred/devel/cipe.html>
> 

-- 

Eric Wheeler
Network Administrator
KAICO
20417 SW 70th Ave.
Tualatin, OR 97062
www.kaico.com
Voice: 503.692.5268





<< | Thread Index | >> ]    [ << | Date Index | >> ]