Don't Understand BUG97

[MartyMar74]

Has anyone out there seen this?

OPRDATA: PDT: Buffer did not empty. device: /pty/ptty00.S , bytes left: 4

If so, what needs to be done to correct this?
Any info will be greatly appretiated. Switch type is CS1000MG

 

[RogerHutch]

Here is what I found on the subject. Did you have a high level engineer in your PBX lately? (not that I am sure that is the requirement for this error, put seeing the PDT association, I would assume that someone was in PDT mode when generating this bug code) If you have contracted support, I would use it to get some one to look at this.

Roger


PRODUCT_LINE: CS1000
============================================

TITLE
=====

Unable to connect to call server via rlogin and BUG0097

Conditions:
-----------
Call Server with ELAN configured and patch MPLR20155 installed.

Actions:
--------
Use nmap version 3.50
Specific settings:

Under Scan tab:
Scan Type : Connect Scan
Scan Extensions : RPC Scan (selected) OS Detection (selected) Version
Probe (selected)

Under Discover tab:
Ping Types: TCP ACK Ping (selected) UDP Ping (selected)

Under Timing tab:
Insane Throttling selected.

The overall command is
nmap -sT -sR -sV -O -PT -PU -T5 <ip address of call server>

Expected Results:
-----------------
After the scan, one can still able to connect to call server via rlogin.

Actual Results:
---------------
After the scan, sometimes, one unable to connect to call server via rlogin,
and the call server reports BUG0097 such as:
BUG0097 PDT: Buffer did not empty. device: /pty/ptty01.S , bytes left: 91

Notes:
------
The problem only happen on some PTY ports with BUG0097 reported after the
nmap scan. The patch MPLR20155 is required to prevent system INI.


Patch Solution:
---------------
The nmap scan could insert a flow control XOFF (Control S) character to
the PTY when it attempt to do a rlogin connection to the call server.
This blocked the PTY stream so it becomes unusable for the next rlogin.

The patch solution is to reset the read/write flow control flags on the
PTY device to be used for a new rlogin session.


See also MPLR20155 for preventing system INI during nmap scan.

 

[curtismo]

Has someone been doing security scans on your network lately? The way I read this, this can occur if someone has been using nmap to see what ports are open on your switch.

Now, this can be legit, or you could have a virus or trojan doing the same thing. Anyhow, the way I read this, if you configure Nmap in just the right way and scan your call server, you can keep rlogin from occuring, or much worse, cause an INI.

Even if this isn't the case, sounds like you might have a ETAS dialin.

 

[MagnaRGP]

I'd be concerned that something is able to access the ELAN that shouldn't, or worse.

Do you have OTM/TM or CallPilot? If so, are either of those able to access the internet directly? If yes to one or both, I would be performing AntiVirus scans on those servers post-haste!