Port Scanner is my bet. Rob Schramm
On Thu, May 5, 2011 at 5:20 PM, Tony Harminc <[email protected]> wrote: > On 5 May 2011 16:42, Todd Burrell <[email protected]> wrote: > > > Description : > > > > The remote RIP listener accepts routes that are not sent by a > > neighbor. > > > > This cannot happen in the RIP protocol as defined by RFC2453, and > > although the RFC is silent on this point, such routes should probably > > be ignored. > > > > A remote attacker might use this flaw to access the local network if > > it is not protected by a properly configured firewall, or to hijack > > connections. > > > > Solution : > > > > Either disable the RIP listener if it is not used, use RIP-2 in > > conjunction with authentication, or use another routing protocol. > > > > Risk Factor : > > > > High / CVSS Base Score : 7.5 > > Did they confirm that the HMC "accepts" any received (bogus) routes? > How did they determine that there is a RIP listener present? (RIP is > UDP, so it isn't a matter of setting up a TCP session to a port and > calling that a "listener".) Did they actually send it a route, and > then query it and see that their route was shown in the routing table > response? In that case, there may well be a real security issue. > Otherwise, there is nothing wrong if it is just ignoring inbound > routes. > > Tony H. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > -- Rob Schramm Senior Systems Engineer w: 513.305.6224 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
