Vulnerability Development mailing list archives

TopLayer layer 7 switch Advisory

From: nawk () REAL-SECURE COM (User nawk)
Date: Sat, 20 May 2000 08:30:23 -0400


Hi,

    I have been testing the TopLayer 2500 layer 7 switch, which can be found
at www.toplayer.com. From what I was testing so far the switch looked to do
great things. It even suppose to have security features to prevent DoS from
icmp to other IP based filtering. I decided to do a little more testing on
the switch itself and I found something very disturbing. It looks as if you
send icmp with some bad IP versions, fragmented packets, IP option packets
and bad icmp checksum, it will crash the switch in a heart beat. Also if you
do this a few times, the switch is died as in needs to be replaced. I had
the TopLayer engineers look at this problem and they now realize this is a
very serious problem. I used the latest version of there software. If anyone
is using this product call your rep. As to date there is no fix.

Thank you
nawk
www.real-secure.com

" Are you real secure? "

Current thread:

Re: String checking with PHP, (continued)
- - - Re: String checking with PHP Joe (May 24)
    - Re: String checking with PHP Arturo Busleiman (May 24)
    - Why not a changeling? Daniel Petzen (May 20)
    - Re: Why not a changeling? Bluefish (May 20)
    - Re: Why not a changeling? Daniel Petzen (May 20)
    - Netscape forms using standard windows controls No User (May 21)
    - Re: Netscape forms using standard windows controls Derek Reynolds (May 21)
    - Re: Netscape forms using standard windows controls Pavel Kankovsky (May 22)
    - Re: Netscape forms using standard windows controls Chon-Chon Tang (May 22)
    - Re: Why not a changeling? Bluefish (May 21)
    - TopLayer layer 7 switch Advisory User nawk (May 20)
    - Re: chsh Segfault on FreeBSD 3.3 Pavol Luptak (May 20)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Taneli Huuskonen (May 19)
- CAU Technologies, Inc. Security Advisory 2000.05.19.001 : Default Syslog Installations Security Advisory (May 19)
- UPDATE on possible new "e-mail virus" concept ? Zoa_Chien (May 19)
  - Re: UPDATE on possible new "e-mail virus" concept ? Jim Paris (May 19)
    - Re: UPDATE on possible new "e-mail virus" concept ? Jon Williams (May 20)
    - Windows IP Fragment Reassembly Vulnerability Masial (May 20)
    - Re: Windows IP Fragment Reassembly Vulnerability Mikael Olsson (May 21)
    - Re: Outlook HTML VBS (demo) Michael Hendy (May 21)
    - Re: Outlook HTML VBS (demo) Masial (May 22)

(Thread continues...)