NETIO-230A KSHELL BUG (DoS)

The KSHELL (telnet) interface of the NETIO-230A remote-controlled power distribution unit (PDU) from Koukaam has a bug that can be used for a denial-of-service (DoS) attack against this interface. If a connection to KSHELL is closed by the NETIO-230A, but not correctly closed by the client as well, the KSHELL process on the NETIO-230A stops accepting new connections (and the old one no longer works, because it has been closed). The only way to regain KSHELL access is to reboot the NETIO-230A, which must be done with physical access to the PDU.

The KSHELL interface has an idle timeout, after which the connection is closed. If the client is no longer available at that point (network outage, suspended client notebook, DSL reconnect with new IP address, etc.), the above problem occurs. In practice this will happen sooner or later.

I have reported the problem to Koukaam's support via e-mail and later described it in a forum thread. A release candidate firmware version 2.34RC1 (forum thread) was made available that somewhat mitigated the problem by providing 6 KSHELL processes, each still having the same bug. Thus the problem will show itself less often, but it is still there. That was the last firmware released for the NETIO-230A.

The forum thread mentioned above included a step-by-step description of how to trigger the bug. I wrote a shell script to automate testing and made this available to Koukaam as well. The bug was not fixed during the shelf life of the NETIO-230A.

Since the failure case, and thus the test script, is kind of obscure, I am providing it here for further study and testing of network appliances by interested engineers. To test different services, adjust the values of variables K, N, and S accordingly.

Download

netio-kshell-dos.sh
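
For firmware and service developers, the following is an added example (it is neither netio-kshell-dos.sh nor Koukaam's code, and the page does not state the root cause of the bug). It shows a single-session service that stays reachable after an idle timeout even when the client never closes its side, together with a loopback regression check for that property; the names serve, probe, regression_check and the banner text are assumptions made for illustration.

```python
import socket
import threading
import time

BANNER = b"100 HELLO (constructed banner)\r\n"  # constructed, not KSHELL's real greeting

def serve(listener, idle_timeout, stop):
    """Single-session service: one client at a time, with an idle timeout."""
    listener.settimeout(0.2)
    while not stop.is_set():
        try:
            conn, _ = listener.accept()
        except socket.timeout:
            continue  # no client yet; re-check the stop flag
        with conn:  # always releases the session socket, whatever the peer does
            conn.settimeout(idle_timeout)
            try:
                conn.sendall(BANNER)
                while conn.recv(1024):  # b"" means the peer closed cleanly
                    pass
            except OSError:
                pass  # idle timeout or dead peer: drop the session, do not wait for its FIN

def probe(addr, timeout=2.0):
    """Health check: True if a fresh connection receives the banner."""
    try:
        with socket.create_connection(addr, timeout=timeout) as s:
            return s.recv(len(BANNER)) == BANNER
    except OSError:
        return False

def regression_check(idle_timeout=0.3):
    """Hold a session open past the idle timeout, then ask for a new session."""
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))  # loopback only, ephemeral port
        listener.listen(1)
        addr = listener.getsockname()
        stop = threading.Event()
        worker = threading.Thread(target=serve, args=(listener, idle_timeout, stop))
        worker.start()
        stale = socket.create_connection(addr)  # client that never closes its side
        time.sleep(idle_timeout * 3)  # server side times out and closes
        ok = probe(addr)  # stale socket is still open on the client side
        stale.close()
        stop.set()
        worker.join()
        return ok

if __name__ == "__main__":
    print("new session accepted after idle timeout:", regression_check())
```

The same probe, run periodically from a monitoring host against a management interface, reports a hung interface before an operator needs it.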

