Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Network Appliances :: napl5370.htm

3Com OfficeConnect Remote 812 ADSL Router PAT vulnerability



28th May 2002 [SBWID-5370]
COMMAND

	3Com OfficeConnect Remote 812 ADSL Router PAT vulnerability

SYSTEMS AFFECTED

	Probed in firmware versions:  V1.1.9 and V1.1.7 for the OCR812

PROBLEM

	Ismael Briones Vilar (ismael@el-mundo.net) found following:
	

	There is a problem in PAT(Port Address Translation) that can be used  to
	access all ports in the computer behind  the  router.  When  we  try  to
	connect to a port that is  not  redirected  to  a  computer  behind  the
	router using PAT, there is no problem,  the  router  don\'t  allow  this
	connection. But if before we connect to a port redirected using PAT  and
	inmediately we try to connect to any port not redirected using PAT,  the
	router allows the  successive  connections  to  any  port.  The  problem
	exists with TCP and with UDP.
	

	IMPACT:
	

	Allow access to all ports in the computer  behind  the  router.  If  you
	find a port redirected  using  PAT,  you  can  access  all  ports,  make
	scans,..... and all you can imagine.
	

	 Update (14 06 2002) by Ismael

	 ======

	

	educm@softhome.net inform  me  about  a  feature  called  iNAT  or  iPAT
	(Intelligent NAT/PAT. I think this should  be  called  Stupid  NAT/PAT).
	With this feature, when a connection  is  established  from  a  computer
	behind the router with a remote computer, the router redirects  all  the
	connections from the remote computer to the computer that  initiate  the
	connection behind the router,  even  if  the  ports  aren\'t  redirected
	whith PAT. Somebody from 3Com Europe  sent  me  a  mail  with  the  same
	explanation, and write  a  text  extracted  from  812CLI  (Version  2.0)
	documentation (see attachment). But iNAT/PAT really has a bug.
	

	When we try to connect to a port that is not redirected  to  a  computer
	behind the router using iPAT, there is no problem, the  router  doesn\'t
	allow this connection. But if before we connect  to  a  port  redirected
	using iPAT and inmediately we try to connect to any port not  redirected
	using iPAT, the router allows the successive connections  to  any  port,
	redirecting the  connections  to  the  internal  computer.  The  problem
	exists with TCP and with UDP. The problem exists  when  iPAT  is  enable
	(It is enable by default) and it isn\'t a feature, it is a  bug.  A  lot
	of people sent me mails saying that this is a feature called  iNAT,  but
	the iNAT isn\'t working as it should.
	

	

SOLUTION

	Use firewalls in the computers behind the router or wait for a  firmware
	update   ;-)
	

	 Update (14 06 2002) by Ismael

	 ======

	

	Disable iNAT/PAT  (Caution:  Some  programs,  like  NetMeeting  may  not
	work). There is an unoficial version of the firmware (version 2.1.2)  at
	http://www.adslnet.ws/ (  http://es.geocities.com/doelgroup/mr020102.zip
	) that seems not to have the bug. If somebody tries it,  make  me  know,
	please.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH