Or Qualys.... BobL
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Rob Schramm Sent: Thursday, May 05, 2011 3:30 PM To: [email protected] Subject: Re: RIP issue with HMC - security violation? Port Scanner is my bet. Rob Schramm On Thu, May 5, 2011 at 5:20 PM, Tony Harminc <[email protected]> wrote: > On 5 May 2011 16:42, Todd Burrell <[email protected]> wrote: > > > Description : > > > > The remote RIP listener accepts routes that are not sent by a > > neighbor. > > > > This cannot happen in the RIP protocol as defined by RFC2453, and > > although the RFC is silent on this point, such routes should > > probably be ignored. > > > > A remote attacker might use this flaw to access the local network if > > it is not protected by a properly configured firewall, or to hijack > > connections. > > > > Solution : > > > > Either disable the RIP listener if it is not used, use RIP-2 in > > conjunction with authentication, or use another routing protocol. > > > > Risk Factor : > > > > High / CVSS Base Score : 7.5 > > Did they confirm that the HMC "accepts" any received (bogus) routes? > How did they determine that there is a RIP listener present? (RIP is > UDP, so it isn't a matter of setting up a TCP session to a port and > calling that a "listener".) Did they actually send it a route, and > then query it and see that their route was shown in the routing table > response? In that case, there may well be a real security issue. > Otherwise, there is nothing wrong if it is just ignoring inbound > routes. > > Tony H. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > -- Rob Schramm Senior Systems Engineer w: 513.305.6224 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ------------------------------------------------------------------------------ This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies. OppenheimerFunds may, at its sole discretion, monitor, review, retain and/or disclose the content of all email communications. ============================================================================== ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
