[LWN Logo]

Date:	Mon, 2 Nov 1998 11:24:30 -0600
From:	Tim Yocum <tyocum@WWA.COM>
Subject:      APC PowerNet SNMP vulnerability
To:	BUGTRAQ@NETSPACE.ORG

Several days ago after installing an APC PowerNet SNMP module
(v3.0.0, firmware revision 82.9.D MWD) into a SmartUPS 2200
series UPS, I decided to try out a few of the well-known DoS
attacks on it after getting the module up on the network. The
results didn't surprise me too much - the module will reboot
after being hit with nestea/teardrop, and probably others. I
contacted APC about the problem last week and received two
replies:

"This device was not meant to withstand malicious attacks.  That
is why it should be protected behind a firewall along with other
network devices."

and

"There is no fix scheduled for this.  The device is more secure
when used on a secured network protected by a firewall."

I'm somewhat disturbed by response from APC as it'd be quite
simple for someone to interrupt SNMP data gathering from these
devices since it takes the module anywhere from 20 seconds to a
full 3 minutes to reboot.

Workarounds are obvious; either put the SNMP module on a
non-routable IP block or put it behind a firewall.

Maybe APC will fix this problem, but at this point I wouldn't
keep my hopes up.

Regards,

- Tim

--------------------------------------------------------
Tim Yocum               -       NT Systems Administrator
Verio, Inc.             -       http://chicago.verio.net