Re: (ASCEND) Win Nuke filtering doesn't work on MAX4000

To: "Ricardo Freire" <ricardo@allways.com.br>
Subject: Re: (ASCEND) Win Nuke filtering doesn't work on MAX4000
From: Dean Frye <dfrye@ascend.com.au>
Date: Wed, 20 May 1998 13:37:12 +1000
Cc: ascend-users@bungi.com
In-Reply-To: <003301bd836c$b19d61f0$0329dfc8@itapoan.allways.com.br>
Sender: owner-ascend-users@max.bungi.com

Ricardo,

When you apply filters to the ethernet interface, the last filter in the
chain should be a generic "allow all" filter (rather than an IP "allow all"
filter) to allow ARP requests to pass.

What you are seeing is the ARP entry ageing out on your PC and the MAX not
seeing the ARP request because of the filter.



Regards,

dean




At 06:25 PM 5/19/98 -0300, you wrote:
>Hi,
>
>Our customers are experimenting nuke attacks very often.
>We have a MAX4000 E1, load 6.0.2 - femk.40.
>I visited a FAQ page from Ascend, and tried the filters indicated, EXACTELY
>as shown:
>------------ BEGIN OF FAQ -----------------
>Question:
>How do I protect my network against Win Nuke attacks?
>Answer:
>To protect your network against Win Nuke attacks, all you need
>to do is to add a simple data filter to your ethernet port of
>your Ascend MAX/Pipeline unit.
>
>Create a new filter profile with the following properties:
>Under Out Filter 01 -
>Valid=Yes
>Type=IP
>IP... -
>Forward=No
>Protocol=6
>Dest Port Cmp=Eql
>Dest Port #=139
>
>Out filter 02 -
>Valid=Yes
>Type=IP
>IP... -
>Forward=Yes
>
>In filter 01 -
>Valid=Yes
>Type=IP
>IP...  -
>Forward=Yes
>
>Under the Ethernet -> Mod Config -> Ether Options... menu:
>Set Filter = 1 (or whichever filter profile you use)
>
>----------------- END OF FAQ ---------------
>
>Unfortunately, in a few minutes after starting those filters, the MAX
>STOPPED TO RESPOND to all types of TCP/IP requests, from telnet to ping! I
>had to access it via console, as LAN was inaccessible.
>
>I talked to a friend that adviced me that there's a bug in Ascend filtering:
>when one filters UDP (in my case, I was just trying ICMP filtering), the ARP
>table becomes "full" (or something like), and the TCP stack becomes
>unusable.
>
>What am I doing wrong?
>If this fails, how to avoid Win Nuke?
>
>Regards,
>Ricardo
>
>
>++ Ascend Users Mailing List ++
>To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
>To get FAQ'd:	<http://www.nealis.net/ascend/faq>
>
>
-------------------------------------------------------------
Dean Frye                                      +61.3.96567000
Ascend Communications Australia                   0418 546635
lvl 38/55 Collins St
Melbourne VIC 3000
Ascend Asia Pacific Support:          apac.support@ascend.com
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

References:

(ASCEND) Win Nuke filtering doesn't work on MAX4000

From: "Ricardo Freire" <ricardo@allways.com.br>

Prev by Date: RE: (ASCEND) Requesting all comments...
Next by Date: Re: (ASCEND) Supra is nuts!
Prev by thread: (ASCEND) Win Nuke filtering doesn't work on MAX4000
Next by thread: Re: (ASCEND) Win Nuke filtering doesn't work on MAX4000
Index(es):
- Main
- Thread