We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
3 days, 21 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Cisco buffer overflow vulnerability
Posted on 2016-07-17
Got an IPS alert that says " Telnet: Cisco Buffer Overflow Vulnerability (High)
Network Security Platform has detected a "High (9)" attack.
Attack type: Signature: telnet-cmd-too-long"
Can I correctly say:
a) if we don't have telnet service enabled on all our Cisco devices, then we're not
vulnerable (even if telnet is enabled on some other legacy systems) ?
b) this only affects Cisco 676/677 devices, so if we don't have these devices in
our environment, then we're not vulnerable
If I'm mistaken to make above 2 statements, do elaborate & explain
Network Security Platform has detected a "High (9)" attack.
Attack type: Signature: telnet-cmd-too-long"
Can I correctly say:
a) if we don't have telnet service enabled on all our Cisco devices, then we're not
vulnerable (even if telnet is enabled on some other legacy systems) ?
b) this only affects Cisco 676/677 devices, so if we don't have these devices in
our environment, then we're not vulnerable
If I'm mistaken to make above 2 statements, do elaborate & explain
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
3 Comments
Active today
If we have PCs that do telnet to our AS400 servers, would this activity
trigger such alerts?
trigger such alerts?
Active today
Correction:
> Cisco 676/677
should be
Cisco 678/677
The other question is we don't always get this alert, so is it likely that this is triggered
by telnet from a PC to the AS400 host? Or someone issued a different telnet access
this time round?
> Cisco 676/677
should be
Cisco 678/677
The other question is we don't always get this alert, so is it likely that this is triggered
by telnet from a PC to the AS400 host? Or someone issued a different telnet access
this time round?
Active today
Your IPS observed some telnet traffic that matched the signature for "Telnet: Cisco Buffer Overflow Vulnerability". IPS thinks there is a high probability that the traffic it saw was an attempt at a buffer overflow attack against whatever the target system was.
Is it possible it was a false alarm? Yes. But you shopuld assume it is a real attack until you can prove otherwise. We'd need to know more, like see the specific packets involved to determine if it was a real attack or a false alarm.
What host was destination of this attack? Was it your AS/400? What was the source address of the problem packets? Was it a host within your network, or an unknown outside host?
If you don't use Telnet anywhere in your network, then you don't have to worry about this attack or any other Telnet-related attacks. But attackers don't tend to stop with just Telnet attacks - they tend to attack every open port or service they find - hoping to discover a vulnerable service.
Is it possible it was a false alarm? Yes. But you shopuld assume it is a real attack until you can prove otherwise. We'd need to know more, like see the specific packets involved to determine if it was a real attack or a false alarm.
What host was destination of this attack? Was it your AS/400? What was the source address of the problem packets? Was it a host within your network, or an unknown outside host?
If you don't use Telnet anywhere in your network, then you don't have to worry about this attack or any other Telnet-related attacks. But attackers don't tend to stop with just Telnet attacks - they tend to attack every open port or service they find - hoping to discover a vulnerable service.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
- Superb Internet
- Hardware Firewalls
- Security
- Server Hardware
- Server Software
- *firewall management, *firewalls
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication. I found to my own chagrin, that there is a big downside as well.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’
As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month3 days, 21 hours left to enroll
691 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.