SECURITYVULNS:DOC:3077
Jun 13, 2002

Part II: Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TITLE: A more detailed description of 3Com® OfficeConnect® Remote 812 ADSL
Router

DESCRIPTION: A detailed description of the vulnerability, its status and
solutions. I am sending this mail to explain the real problem and the
solutions to all the people who were interested in the bug.

Thanks to all the people who have sent me an email with their experiences.

PROBLEM SUMMARY:

In the previous mail, I warned about a problem in PAT (Port Address
Translation) that can be used to access all ports on the computer
behind the router. [email protected] informed me about a feature called iNAT
or iPAT (Intelligent NAT/PAT. I think this should be called Stupid NAT/PAT).
With this feature, when a connection is established from a computer
behind the router to a remote computer, the router redirects all the
connections from the remote computer to the computer behind the router that
initiated the connection, even if the ports aren't redirected with PAT.
Somebody from 3Com Europe sent me a mail with the same explanation,
and included a text extracted from the 812CLI (Version 2.0) documentation
(see attachment). But iNAT/PAT really has a bug.

BUG:
When we try to connect to a port that is not redirected to a computer
behind the router using iPAT, there is no problem: the router doesn't allow
this connection. But if we first connect to a port redirected using iPAT and
immediately afterwards try to connect to any port not redirected using iPAT,
the router allows the successive connections to any port, redirecting the
connections to the internal computer. The problem exists with TCP and with
UDP. The problem exists when iPAT is enabled (it is enabled by default), and
it isn't a feature, it is a bug.
A lot of people sent me mails saying that this is a feature called iNAT, but
iNAT isn't working as it should.

SOLUTIONS:

Disable iNAT/PAT (Caution: some programs, like NetMeeting, may not
work). There is an unofficial version of the firmware (version 2.1.2) at
http://www.adslnet.ws/ ( http://es.geocities.com/doelgroup/mr020102.zip )
that seems not to have the bug. If somebody tries it, please let me
know.



Ismael Briones Vilar
Area de Internet
[email protected]
http://www.elmundo.es/

Mundinteractivos - El Mundo
Pradillo, 42
28002 - Madrid (SPAIN, EU)
Tel: (+34) 915864800 (Ext: 4615)
Fax: (+34) 915864480


GPG PubKey:
fingerprint: 8FD8 1450 29AC 5B5F 4186 0417 B67A 978F 281C D54F
http://pgp.rediris.es:11371/pks/lookup?op=get&search=0x281CD54F


"This business is a living organism. It multiplies ceaselessly,
surrounded by predators. There is no room for idle time or hesitation.
New discoveries flood us, new ideas, ready to be devoured,
redefined. This business is binary. You are a one or a zero, you live or
you die…"
Gary Winston (AntiTrust)

"Good artists copy, great artists steal."
Pablo Picasso

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9B4IatnqXjygc1U8RAu/QAKCfF8K299YHckLKa6MYVWHRORXFHwCfR+xy
/fm65CLKYVDrz04gR1hFO34=
=f5/8
-----END PGP SIGNATURE-----
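
The behaviour described in the BUG section, as a small model that contrasts the filtering the advisory expects from the router with the filtering it reports. This is an added example, not code from the advisory or from 3Com; the class names, the `TRUST_WINDOW` value and the sample addresses are assumptions.

```python
# Simplified model of the inbound filtering behaviour described in the BUG
# section. Not 3Com firmware: the class names, the TRUST_WINDOW value and the
# addresses are assumptions made for this illustration.

TRUST_WINDOW = 5.0  # seconds; assumed stand-in for "immediately"


class ExpectedRouter:
    """Inbound traffic is forwarded only to explicitly redirected ports."""

    def __init__(self, redirects):
        self.redirects = dict(redirects)  # public port -> internal host

    def inbound(self, remote_ip, port, now):
        # Returns the internal host the packet is forwarded to, or None.
        return self.redirects.get(port)


class ObservedRouter(ExpectedRouter):
    """Behaviour reported in the advisory: a hit on a redirected port opens
    every other port to the same remote host for a short time."""

    def __init__(self, redirects):
        super().__init__(redirects)
        self.recent = {}  # remote_ip -> (internal host, time of last hit)

    def inbound(self, remote_ip, port, now):
        host = self.redirects.get(port)
        if host is not None:
            self.recent[remote_ip] = (host, now)
            return host
        entry = self.recent.get(remote_ip)
        if entry and now - entry[1] <= TRUST_WINDOW:
            return entry[0]  # the bug: this port was never redirected
        return None


def exposed_ports(router, remote_ip, redirected_port, probe_ports, start=0.0):
    """Ports from probe_ports that reach an internal host right after one
    connection to redirected_port. Used to compare the two models."""
    router.inbound(remote_ip, redirected_port, start)
    return [p for i, p in enumerate(probe_ports)
            if router.inbound(remote_ip, p, start + 0.1 * (i + 1)) is not None]


# Constructed sample data (documentation address ranges).
REDIRECTS = {80: "192.168.1.10"}
REMOTE = "203.0.113.7"
PROBES = [80, 139, 445, 3389]
```

Calling `exposed_ports` with each model and the same constructed inputs shows the difference an administrator would look for when checking a router from outside: only the redirected port should answer.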