Date: Wed, 17 Feb 2010 13:07:48 -0800
From: Andrew Sharp <andy.sharp@lsi.com>
To: "Limato, Dave" <Dave.Limato@lsi.com>
Cc: "Ariyamannil, Jobi" <Jobi.Ariyamannil@lsi.com>, "Stark, Brian"
 <Brian.Stark@lsi.com>, "Boulanger, Sandrine" <Sandrine.Boulanger@lsi.com>,
 "Kumar, Raj" <Raj.Kumar@lsi.com>
Subject: Re: 2-259202356
Message-ID: <20100217130748.08f2c1ff@ripper.onstor.net>
In-Reply-To: <D7A889C980962746B30DE07864593C02CF005439@cosmail02.lsi.com>
References: <D7A889C980962746B30DE07864593C02CF005439@cosmail02.lsi.com>
Organization: LSI
X-Mailer: Sylpheed-Claws 2.6.0 (GTK+ 2.8.20; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Hello,

Our devices are expected to provide security for the users, not against
the users.  While we make sure that our devices are not trivially
vulnerable, it is not the purpose of the NAS device to provide
self-protection against all possible theoretical attacks.
Additionally, it is not designed to be an externally accessible device.
If the customer would like more protection, our Professional
Services arm can provide some consulting in the areas of firewall
construction, anti-port-scan settings on enterprise switches, and so
forth. Otherwise, the customer should keep their support contract up to
date and call us when they experience an actual attack.

Thank you,

The Management


On Wed, 17 Feb 2010 11:24:50 -0700 "Limato, Dave" <Dave.Limato@lsi.com>
wrote:

> Does anyone have a response for Tim? What is our position on DOS
> attacks? I can't imagine that we would ever try and resolve this
> issue so this fellow will be waiting for quite some time. My only
> response would be to put the gateways behind a trusted firewall.
> 
> Do we have a company position on this?
> 
> From: Swenson, Timothy
> Sent: Wednesday, February 17, 2010 10:13 AM
> To: Limato, Dave
> Subject: FW: 2-259202356
> 
> Dave,
> 
> Here is what I got back about the port scanner issue.  Have we ever
> said that we are immune to denial of service attacks, or do we have a
> stated position on DOS attacks?
> 
> Tim Swenson
> 
> 
> From: David Ciaglia [mailto:dciaglia@theocc.com]
> Sent: Wednesday, February 17, 2010 7:08 AM
> To: Swenson, Timothy
> Cc: Nick Fay; Ryan Reynolds
> Subject: Re: 2-259202356
> 
> Tim,
> 
> Here is the response from the Infosec team about the Qualys Scanner:
> 
> The Qualys scanner is performing a standard, low-level vulnerability
> check against a certain number of IP addresses. Some of these
> addresses are virtual and actually reside on a single On-Stor device.
> The scanner is specifically configured not to attempt any type of
> password or connection brute forcing. The scanner appliance is
> configured to only open a maximum of two HTTP connections at one
> time. Additionally, there is a specific list of TCP and UDP ports
> which are examined in addition to the full list of applicable
> vulnerabilities in the Qualys database.
> 
> The concern that was raised by our SAN team is that when a scan is
> kicked off against a large number of virtual IPs which reside on a
> small number of On-Stor devices, we have seen irregular behavior.
> This behavior is very similar to that of a denial of service attack,
> culminating in lack of access to the devices. The security concern
> centers around the possibility of a malicious user who would kick off
> a program to open multiple, repeated HTTP connections to virtual
> On-Stor IP addresses and cause the device to become inaccessible. We
> would like to know when a fix will be available to resolve this issue.
> 
> Please let us know if there can be a resolution.
> 
> Thanks,
> 
> -Dave
> 
> From: "Swenson, Timothy" <Timothy.Swenson@lsi.com>
> To: David Ciaglia <dciaglia@theocc.com>
> Date: 02/16/2010 02:45 PM
> Subject: 2-259202356
> 
> David,
> 
> It's been a few days since I've heard from you.  Did you have any
> questions or feedback on my last update on the port scanner case?
> 
> Thanks,
> 
> Timothy Swenson
> Escalations Engineer
> Customer Support
> T +1-866-SAN-FILE
> 
> LSI Corporation
> 254 East Hacienda Avenue
> Campbell, California 95008
> United States
> T +1-408-433-8771
> timothy.swenson@lsi.com
> lsi.com
