exploit the possibilities

es-3810.txt

es-3810.txt
Posted Aug 17, 1999

No information is available for this file.

tags | paper
MD5 | d20b7a4d8120e80f9b9fa1313a467d23

es-3810.txt

Change Mirror Download
    
[@########L######O######U###############@]
[L]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx[L]
[O]*Legions Of the Underground*********[O]
[U]*FUN WITH THE ES-3810 AN ATM REALITY[U]
###*brought to you by optiklenz********###
@########################################@

--------------------------------------------------------------------------
NAME: Steve Stakton a.k.a. <optiklenz>
AFFILIATION: LOU- Legions Of the Underground
GOAL: TO KNOW BOTH WHAT EVERYONE ELSE KNOWS, AND DOESN'T KNOW
AGE: CAN YOU COUNT TO 24?
HEIGHT: WHY DONT I JUST DRAW YOU A FULL SKETCH COMPOSITE FOR YOUR WANTED POSTERS?
WHERE: ON THE ROAD
DESTINATION: YET TO BE DECIDED
INTEREST: PHONE SYSTEMS (WHO DOESN'T USE THE TERM
COSMOS ON A DAY TO DAY BASIS), NETWORKS, ELECTRONICS, BEER,
RIGGING THE LOCAL NMS TO BREED WITH THE NEIGHBORS PDN. SOUTH PARK,
AND GIRLS WITH SLIGHT FACIAL HAIR
TURN-OFFS: PEOPLE WHO THINK THEY KNOW THINGS THEY DONT, AND GIRLS
WITH TO MUCH FACIAL HAIR.
HANGOUTS: VENICE BEACH, Narkotik Illusions, The Abyss & the Electronic Source BBS
MUSIC GROUPs: Pink Floyd, and ICP, Rolling Stones (NO SECURITY!)
WEB: http://www.legions.org, http://www.t00ned.org/optik/
OS OF CHOICE: *BSD
OS'S THAT SUCK: CALDERA, MACOS, AND THAT ONE OS MADE BY THAT BILL GUY.
--------------------------------------------------------------------------

"Get out and ride on, baby, ride on, baby
Ride on, baby, ride on, baby
I could pick your face out in an FBI file
You may look pretty but I can't say the same
for your mind" -Rolling Stones


On with the show...


First off there are some definitions, and Acronyms to be familiar with.

AMI (ATM Management Interface) - The user interface to switching control
software. AMI lets you monitor and change various operating configurations of
switches and network module hardware and software, IP connectivity, and SNMP
network management

Bandwidth- usually identifies the capacity of data that can be sent through a given
circuit; may be user-specified in a PVC.

CBR (Constant Bit Rate)- A type of traffic that requires a continuous, specific
amount of bandwidth over the ATM network (e.g., digital information such as video
and digitized voice

ANSI (American National Standards Institute)- A private organization that coordinates
the setting and approval of some U.S standards. It also represents the U.S ISO

BIP (Bit Interleaved Parity)- An error detection technique in which character bit patterns
are forced into parity, so that the total number of one bits is always odd or even.

DSR (Data Set Ready)- an RS-232 modem interface control signal (sent from the modem to the DTE
on pin 6) which indicates that the modem is connected to the telephone circuit.

DTE (Data Terminal Equipment)- generally user devices, such as terminals and computers that
connect to data circuit terminating equipment. They either generate or capture data
sent by the network

ATDM (Asynchronous Time Division Multiplexing)- A method of sending information that
resembles normal TDM, except that time slots are allocated as needed rather
than prearranged to specific transmitters.

EM- The CellPath 300 extension module; paired with the system controller and supporting
an optional PCMCIA card.

FDDI (Fiber distributed Data Interface)- High-speed data network that uses fiber-optic as
the physical medium

EPROM- Erasable Programmable Read Only Memory.

CLP (Cell Loss Priority)- the last bit of byte four in an ATM cell header; indicates
the eligibility of the cell for discard by the network under congested conditions.


[Introductory to the Management Station
------------------*

The ES-3810 is a switching architecture; it provides one with the ability to work with
multiple switched Ethernet ports along with high performance ATM server and backbone connections
to work with powerful network managing.

The management console for the ES-3810 uses a menu based interface that utilizes
A VT-100 terminal or VT-100 emulator like ProComm or PC Plus. The serial interface
of the ES-3810 connects directly to either the DTE interface of the ASCII terminal or
a serial port of the PC or workstation running terminal emulation.

Note: If the NMM's SNMP-based management or IGMP support is going to be used, a console
connection is required the first time the NMM is brought online since an IP address,
subnet mask and possibly a gateway must be defined.



[System Specs
------------------*

Aggregate Throughput | 720,000 pps (packets per second)
Latency | 61 ~s per 64-bp (byte packets)
Filter/Forward Speed | 14,881pps
Addresses/Port | 4 [workgroup]; 8,192 [segment]
Buffering/Port | 256kb
Media | UTP


Print of settings an ES-3810

____________________________________________________________________________
| |
| ES-3810 Interface Configuration |
|____________________________________________________________________________|
| | |
| Type: SEC-10b | Full Duplex: Disabled |
| MAU: 10BaseT | Loopback: Disabled |
| Number: 0 | Mode: Workgroup|
|_____________________________________|______________________________________|
|Media Configuration: Auto-Negotiation In Process |
|____________________________________________________________________________|
| | |
| Link Detected: No | Forced Transmits: Disabled|
| Link Polarity: Correct | VLAN Extension: n/a |
| | Multicast Filtering: n/a |
|_____________________________________|______________________________________|
| | Transmitter: Enabled |
| Receiver: Enabled | Transmit Buffer: Enabled |
| Receive Buffer: Enabled | |
|_____________________________________|______________________________________|
| | |
| Sniff Segment: Disabled | Transmit Sniffed Packets: Disabled|
| Blocking: Disabled | Transmit Blocked Packets: Disabled|
| Receive Errors: Disabled | Transmit Flagged Packets: Disabled|
| Multicast Promiscuous: Disabled | Multicast Hash Upload: Disabled|
| Individual Promiscuous: Disabled | |
|_____________________________________|______________________________________|
|lou%: ef cfg; do 6fde8000 |


[VLAN Assignments
------------------------*

VLANs are OSI Layer 2 [data link] multicast domains. VLAN membership is
not necessarily tied to a physical proximity. The ES-3810 supports three
criteria: MAC address based assignment to a VLAN, IP Multicast Group based
assignment, and port base assignment.

[MAC Address based and Port based VLANs
---------------------------------------*

MAC address based VLAN assignments supersedes port based VLAN assignment.
By adding an ATM module you can extend any VLAN into ATM by assigning a LEC
(Lan Emulation Client) instance to the VLAN. A VLAN extended into ATM must
be named with the same NAME and CASE as the ELAN for example, an ELAN called
"Lab" exists and you want the station on ES-3810 port 16 to join it. On the
#s-3810 you must create a VLAN called "Lab" (case sensitive) and assign port
16 to it. when asked to "configure a LEC" say yes. The ES-3810 will join
(in proxy) the ELAN called "Lab" and allows the station port 16 communication
rights.


[IGMP Based VLANs
---------------------------------------*
Some TCP/IP applications use IP multicasts to deliver data to many stations
at once. How ever multicasting can cause problems because stations that are
not interested in receiving multicast data to see it anyway. This causes
Ethernet segment congestion and unnecessary interrupts on workstations.
Filtering these multicasts via IGMP can reduce congestion and keep the network
moving smoothly.

IGMP is designed to add further granularity within a VLAN. If a station from two
separate VLANS join the same IP multicast group; the IP multicast stream has to be
sourced twice. The IP client of the ES-3810 is reachable from the first configured
VLAN, independent of that VLANs name. Since, by default the first VLAN is called "default"

[Routerless Network
------------------------*

A routerless network is one in which the ES-3810 switches Ethernet attached host to ATM
where high speed servers are found. Typically one or several of the following apply

* Network has no VLAN-to-VLAN traffic requirement
* Primary NOS is client/server based
* Security is a MAJOR concern (trust me on this one)
* Servers are on ATM for maximum performance

Any network matching one or more of the above scenarios would benefit from a
routerless network because clients from different VLANs can access the same
server but not other VLANs

[Centralized Routing Network
----------------------------*

A centralized routing network is one in which the ES-3810 switches Ethernet
attached host to ATM where high-speed servers and router interfaces are found.
Typically the ES-3810 can be utilized in a network that meets one or more of
the following criteria


* Maintenance of relatively flat network
* Some VLAN to VLAN connectivity
* Some VLAN to VLAN packet level filtering/firewalling
* Traffic is 80% local and 20% routed
* Network could collapse into fewer subnets by switching to ATM


[Exploiting TFTP/ES-3810
------------------------*

Issuing the command line rs :/cd usr do _filter area_ off will disable POST recognition
by other users. Another thing that can be done is gaining remote access this can only
happen if TFTP is binded to the system, and on the same subnet as the ES-3810 system.
(which it should be by default if utilized). Since there is no password authentication
you can use tftp to access the systems password file. Although you have read access to
the password file other flags, and restricted privileges keep you from deleting any
critical data. Logs maybe? =] .. More will be written on ES-3810
security features/insecurities when time permits.


To fix this disable TFTP by issuing the following command

lou% tftp dgram udp wait user /etc/tftpd tftpd -n

Sources Cited:

Fore Systems



-optiklenz <optik@legions.org>

-D A T A D E S I R E S T O B E F R E E-

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGiBDR6E3wRBADHm2aiODOCowgDqXdcFvooCTrQe6tDPqznXChCO1p0t12hhQZe
0C+/xBorkJXlqOaDadmUQVZP3Kij97SOTWU1AS1SPSTzF6VAylHalGz9iUHjxa7g
SSAVrLUMngWG7hxnz7lBHFIQ8iQPjWvK5qhEQ9vcBF9ped9StPRsZlljIwCg/02Z
XXrVaJUtWAxUaAARUdPt0FsEAKyhGuQA1HgGWM/GQxpvBvmDqHkNGxM9YyrF1Dg1
PWAoNuG8GdJazj18c2AODp68NwPH0dUYTxKc4ejR//OcOfl1HRfE0thJEDpqkSyQ
2iobKGkYdmug666pe0Xr3wkgBE+rnzC3RLlUdnRAu25MuEqlc6yRWAT0YH/Pl9IB
eDRGA/4uAuFiEiyfd3Djhi7Wwh8/qiG7SChW0arEXq3RqHQqd3EaVR1FgNzCtvxg
kK2mY07XeSX2fjlWo4ynrBdl5QXbOn9X+GzDcw1z9FBVQHaY0EJMoE0fb53bTyCG
0bdCMTid1DUKhJeekW6cPZvRQlu5IjH/+FVT9S38UsAMMwwrCrQlU3RldmUgU3Rh
a3RvbiA8b3B0aWtsZW56QGxlZ2lvbnMub3JnPokASwQQEQIACwUCNHoTfAQLAwEC
AAoJEGgSVovfJxzQFfcAn0WybtLnFw9jf9agk7xUaikjEjLkAKCYfA1rx/SXP5Je
v5R0+ZVMqIGiibkCDQQ0ehN8EAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlL
OCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N
286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/
RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2O
u1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqV
DNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAgf+OCRz2nG+
SSCrgZY2nIGz68SO+2h3weFMzdBSWQDjZ5Fa7GjRBPeTRQvectPvSqcwjeZTq8DE
1AVI/oFw1mChgfV7CgQuC+P0OK+jr6tIwyhM6gdo5NEdD7/uLWJfFi2l/AP4skVv
ydmg1KGlxjvtjOFKhOGoV2vSTPRGn1l1lCzBZPRur0xTtNwk5b54o8g/NlMEsO/p
/P6CRP4J1WlDkH66jST+ygAYNN0AtRy0eEPUxu7+dYC4OgT0xCcglCqKf7hnMGrf
s/I2MHBbhSmdtcW5pLYcEb8iwXEitGN+plAy+OZrygJ4ytFAdnL2r9NmegUPTYz0
3t4M3hiITUmiP4kAPwMFGDR6E3xoElaL3ycc0BECKBQAoKqOQNZ82RmU4rsZRM9l
a6QdQeSVAJ469y3cLO1eU5oMYpLdvSGevh0mSg==
=cpan
-----END PGP PUBLIC KEY BLOCK-----

EOF
Login or Register to add favorites

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    13 Files
  • 28
    May 28th
    18 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close