Date: Mon, 2 Nov 1998 11:24:30 -0600 From: Tim Yocum <tyocum@WWA.COM> Subject: APC PowerNet SNMP vulnerability To: BUGTRAQ@NETSPACE.ORG Several days ago after installing an APC PowerNet SNMP module (v3.0.0, firmware revision 82.9.D MWD) into a SmartUPS 2200 series UPS, I decided to try out a few of the well-known DoS attacks on it after getting the module up on the network. The results didn't surprise me too much - the module will reboot after being hit with nestea/teardrop, and probably others. I contacted APC about the problem last week and received two replies: "This device was not meant to withstand malicious attacks. That is why it should be protected behind a firewall along with other network devices." and "There is no fix scheduled for this. The device is more secure when used on a secured network protected by a firewall." I'm somewhat disturbed by response from APC as it'd be quite simple for someone to interrupt SNMP data gathering from these devices since it takes the module anywhere from 20 seconds to a full 3 minutes to reboot. Workarounds are obvious; either put the SNMP module on a non-routable IP block or put it behind a firewall. Maybe APC will fix this problem, but at this point I wouldn't keep my hopes up. Regards, - Tim -------------------------------------------------------- Tim Yocum - NT Systems Administrator Verio, Inc. - http://chicago.verio.net