COMMAND
APC PowerChute Plus
SYSTEMS AFFECTED
APC PowerChute Plus 5.1 NT
PROBLEM
Mark Frieden found the following. He discovered a "Denial of Service
attack" on the PowerChute Plus 5.1 (Windows NT) software. He was
doing some port scans of his servers to see what all was running.
Mark noticed that two of his servers (which also happen to be
connected to SmartUPS 2200 w/serial cable and running PowerChute
Plus 5.1 NT) had ports 6667 and 6668 available. 6667 and 6668 are
typically used for IRC (Internet Relay Chat).
He tried to connect to the servers with a standard IRC client
configured for port 6667. The connection was refused. So at
least the servers were not open to just anyone. Then he noticed
that the UPS Service (PowerChute 5.1) was not running on the
server. The service apparently just crashed. There was no
indication of "Stopped" or "Started" when looking at NT Services.
Just a blank. He then started the UPS Service and it came up
just fine. Mark tried the IRC connection again and once again the
UPS Service stopped running. He tried connecting to the server
with the PowerChute Plus 5.1 client on his PC. It was not able
to find the server until he started the UPS Service again.
He also tried connecting with a remote IRC client (outside his
subnet and outside the University campus). Again the UPS Service
crashed and had to be restarted.
This behavior occurs with both of his NT servers that are
connected to SmartUPS 2200's with the same PowerChute Plus 5.1
version installed. It appears that anyone with readily
obtainable IRC client software can attempt a connection and crash
the NT UPS PowerChute Service from anywhere on the Internet.
SOLUTION
This issue has been fixed in 5.2 to the degree that PowerChute
can't be crashed by IRC software. 5.2 for NT 4.0 should ship
around the end of December (before the W2K version).