What's the alternative, lots of serial port cards or dedicated machines
just for modems?
I have never encountered any computing equipment that was 100% bug free or
that couldn't be abused with legitimate commands by anyone with access.
>since ALL of netcom's 700 Terminal Servers run on these, as well as some of lo
>competitors like gate.net and digital.net :) In any case, here is the
>exploit code just to show how simple it really is.. it simply telnets
>the the portmaster and overflows its buffers.
Real simple solution, just as with the telnet break - secure the telnet access
with a packet filter.
If your admins are going to willfully crash the machines, then you have
bigger problems to worry about. I have a few good friends who run ISPs, and
this kind of thing doesn't worry them because they've firewalled their systems
well. (They happen to use PMs too...)
I'm not even sure you could call this a bug, I suppose you could try to
limit the data rate on a PM and cut off the telnet if the buffers are filling.
The more checking of that sort you do, the more overhead you put on the unit.
Everything is a trade off.
-MZ
-- Livingston Enterprises Technical Support Phone: 800-458-9966 FAX: 510-426-8951 support@livingston.com <http://www.livingston.com/> 6920 Koll Center Parkway #220, Pleasanton, CA 94566