Vulnerability

    Ascend pipeline 75, Maxen (5.0Ap51, file ti.m40)

Affected

    Ascend pipeline routers

Description

    Eric Thacker found following.  He noticed that he could keep  open
    the password  prompt past  the normal  time limit  by sending  one
    character every second.  This resets the timer to 0 and keeps  the
    telnet session to the router from being closed.  Open up a  second
    telnet to the router and did this again.  Ascend pipeline  routers
    only allow 2  telnet sessions, at  this point any  future attempts
    get rejected.  You can keep these connections for hours by sending
    data  to  both  password  prompts  which  would  keep  anyone from
    configuring this router.

Solution

    The way to stop this is to reboot the router and telnet in  before
    another telnet session is opened by the attacker.  Ways to fix the
    problem:

        1. Filter all incoming telnet  traffic to the router from  the
           internet
        2. Turn off telnet access and use the console port
        3. Don't configure your router :-)

    You can always set up secure-access on it (if you want to waste  a
    few bucks),  or just  set up  a few  filters so  that only certain
    boxes (or only the LAN) have  access to telnet to the box.   There
    is a FAQ that addresses that issue at:

        http://www.ascend.com/faqs/400/122.html