 KAIFS V I PPremium,MVM
join:2001-01-11
CHEEEESE WI
1 edit | reply to J D McDorce
Re: [Nexland] New Firmware Has anyone tried it and can comment in detail on it?
very interested!!!
release notes indicate:
Corrections Included in this Release:
Issue 1 - Denial of service caused by a fast UDP port scan
A fast map UDP port scan against all ports (i.e. 1-65535) on the WAN interface of the firewall will cause the firewall to lock up and stop responding. Turning the power off and on will reset the firewall.
Issue 2 - Filter bypass on WAN interface
A UDP port scan against the WAN interface of the firewall from a source port of UDP 53 bypasses filter on WAN interface and exposes the tftpd, snmpd and isakmp active services. All other ports are reported as closed.
Issue 3 - Default read/write community string on SNMP service
The default read/write community string used by the firewall is public, allowing an attacker to collect and alter the firewall's configuration. By combining this with issue 2 mentioned above, an attacker is able to exploit this against the WAN interface by sending SNMP GET/SET requests whose source port is UDP 53. The administrative interface for the firewall does not allow the operator to disable the service nor change the community strings. |
|
|
|
Peterg1Premium
join:2001-12-29
Montreal, QC Reviews:
 ·Videotron
| said by KAIFS:Has anyone tried it and can comment in detail on it? very interested!!! I have flashed my Pro 800 and it was uneventful as always. I have not tested whether the fixes actually work but I assume they do.
That all being said, I do not believe that this fix addresses other problems that the Nexland line have had, inter alia, operability with certain cablemodem systems.
If one looks at the sister Symantec line (100, 200 etc) you will see that there have been other fixes which, from the release notes for the new Nexland firmware were not implemented. And the differences between the Nexland and Symantec were very small (ability to function as a VPN endpoint, supposed SPI capability although same processing power and memory).
I made a usenet post on this here:
»tinyurl.com/5hclq
Peter |
|
 Need BB
join:2001-12-21
Rochester, NY | Well we need to find out how to change the device id, so we can flash the Symantec firmware on the nexland.
--
Hacking the D-link 900+ at:»home.earthlink.net/~mlampie/Powe···00+.html |
|
Need BB
join:2001-12-21
Rochester, NY | jumpers 1&2 have to be down. I am p*ssed that this doesn't work with the pro100! |
|
Peterg1Premium
join:2001-12-29
Montreal, QC Reviews:
·Videotron
| reply to Need BB
said by Need BB:Well we need to find out how to change the device id, so we can flash the Symantec firmware on the nexland. There was quite a detailed thread on this forum a few months ago and someone did look into this in depth and tried various experiments. It simply did not work. You will find this with a search.
I think we just have to be satisfied with small mercies and accept what Symantec has given us.
Peter |
|
