Re: [load balancing] Alteon 21.0.7 code and telnet to the virt address

From: Tony Bourke <tonyIZZATvegan.net>
Date: Tue May 10 2005 - 13:09:55 EDT

Cihan,

Definately you should not be able to telnet to a virt and get the
command prompt.

I remember the bug you're talking about, years ago, where you hit a
random port on a virt and it would redirect you either towards the
Alteon's IP itself, or it would do port translation on ports you didn't
specify, such as RPC (TCP port 111).

I'd check to make sure you can't hit potentially dangerous ports, and if
you can, firewall it or put some ACLs on the Alteon.

Tony

cihan subasi wrote:

> You should not telnet to the virt and get the login prompt should you?
>
> That was an old bug and now with the new code it is reappeared. TSDMP
> is attached but it is very easy to create the fault, just create a
> virt, with a real under it with a running service so the the virt is
> UP. Then telnet to the virt ip address, you will get the login prompt.
>
> Now anybody with the access rights can telnet to the virt ip address
> and by trying the password can access to the config...
>
> _________________________________________________________________
> En etkili ve güvenilir PC Korumayi tercih edin, rahat edin!
> http://www.msn.com.tr/security/
>
> ____________________
> The Load Balancing Mailing List
> Unsubscribe: mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
> Archive: http://vegan.net/lb/archive
> LBDigest: http://lbdigest.com
> MRTG with SLB: http://vegan.net/MRTG
> Hosted by: http://www.tokkisystems.com

____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
Received on Tue May 10 14:17:26 2005

This archive was generated by hypermail 2.1.8 : Tue May 10 2005 - 14:58:38 EDT