Bindview Security Advisory -------- Cabletron SmartSwitch Router 8000 Firmware v2.x Issue date: November 24, 1999 Contact: Scott Blake Topic: Denial of Service Vulnerability in Cabletron's SmartSwitch Router (SSR) Overview: Cabletron's SSR is a Layers 2-4 routing and switching device with one of the fastest switching architectures in the industry. Attackers can cause the SSR to stop handling any network traffic. Affected Systems: Bindview only confirms the vulnerability in the SSR 8000 running firmware revision 2.x. Due to the nature of the problem, other equipment may be vulnerable, including other manufacturers' products. Impact: A malicious attacker can cause the SSR to stop functioning for as long as the attacker can continue feeding packets to the device. Details: Cabletron indicates that the bottleneck appears to occur in the ARP handling mechanism of the SSR. The SSR appears to only be capable of handling ~200 ARP requests per second. Thus, by initiating network traffic to more than this critical number of IP addresses, an attacker can cause the router to stop functioning while the ARP handler is flooded. In extreme cases, with input rates only available on the local network, it may be possible to corrupt the SSR's configuration with a sustained flood of new IP addresses. The danger in this problem arises from the fact that many perimeter defenses (firewalls) permit ICMP through, which means that remote, anonymous attackers may be able to crash the SSR. Fix Information: Upgrade your SSR firmware to version 3.x: http://www.cabletron.com/download/download.cgi?lib=ssr