IBM DataPower: Denial Of Service Vulnerability

A friend of mine forwarded me this DoS attack against the IBM DataPower XS40 SOA Security Appliance using only the standard OpenSSL command line client. Apparently you can cause the box to reboot by sending a random string over an SSL-enabled socket connection.

I got in touch with a friend with access to an IBM DataPower XI50 and they were unable to reproduce the issue on the integration device, but that doesn't mean similar issues like this one aren't going to crop up, especially in a closed-off, hardened device like this. I also wonder if this attack was an accident or if it was the result of a concentrated security analysis of the device itself.

I think this is where it makes sense to re-examine closed-off products in light of well known design principles such as the rejection of security through obscurity, and to ask whether it makes sense to protect enterprise and SaaS applications with this type of device as opposed to a software solution that runs on an open-source platform with a known risk profile.

Posted by Blake Dournaee on 3:30 PM


digital signature PDF said...

I have also heard about the vulnerability that you mentioned, but as I also managed access to an IBM DataPower XI50, I also could not reproduce the issue. But I agree that re-examining closed-off products in light of well known design principles is a good way.


About Me

I have been working in the XML/SOA and security space for about 10 years. I currently work at Intel Corporation in their software group. I wrote the first book on XML Security and am a co-author of SOA Demystified from Intel Press. My interests are an eclectic mix of computing, security, business, technology and philosophy.