Date: Tue, 13 Dec 2005 10:33:46 +0100
From: Thierry Zoller <Thierry@...ler.lu>
Cc: partners@...unia.com, full-disclosure@...ts.grok.org.uk,
	bugtraq@...urityfocus.com, news@...uriteam.com,
	submissions@...ketstormsecurity.org
Subject: Re: [scip_Advisory] NetGear RP114 Flooding Denial
	of Service


Dear Marc Ruef,

MR> III. EXPLOITATION
MR> Running TCP SYN flooding is very simple and can be realized by a large
MR> variety of public attack tools. But it is also possible to initialize
MR> such an attack by misusing a port scanning utility. Starting a scan with
MR> nmap by Fyodor with the following command is able to reproduce the
MR> denial of service:
MR>    nmap -PS80 192.168.0.0/24

Note: This is a device which costs 44,44€

You fail to say whether this is done from INSIDE -> OUTSIDE or vice
versa, which really is the point which makes this a "vulnerability"
instead of a simple bug.

I found countless other Gateways "vulnerable" to this, most SOHO DSL gateways even
crash when you run eMule for 24 hours (same cause). The reason is that
with the NAT functions they simply can't handle a larger NAT Table
(which grows quite rapidly with SYN scanning..).

I never reported this issue because I thought and I still think this
is not really a security issue.

>VI. WORKAROUND
>Do not plug the RP114 in not-trusted networks where the inter-connection
>requires a high availability.
Who will use an RP114 (44€) in a high availability environment?



PS. Don't do Pentests over SOHO DSL gateways... it is a baaaad idea.
-- 
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
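A toy model of the NAT table growth Thierry describes, added here as an illustration; it is not code from this thread or from any vendor's firmware. A naive table keeps every half-open mapping for its full timeout, so one SYN per host across a /24 fills a 128-entry table and starves every other LAN host, whereas a table that ages half-open mappings quickly and caps them per LAN source stays usable for everyone else. Capacity, timeouts and addresses are constructed figures.

```python
# Constructed model of a SOHO gateway NAT table under a one-SYN-per-host sweep.
# Not firmware code; capacity, timeouts and addresses are made-up figures.
from dataclasses import dataclass, field

SYN_SENT, ESTABLISHED = "SYN_SENT", "ESTABLISHED"

@dataclass
class NatTable:
    capacity: int              # total mappings the device can hold
    syn_timeout: float         # seconds a half-open (SYN only) mapping is kept
    est_timeout: float         # seconds an established mapping is kept
    per_src_halfopen: int = 0  # max half-open mappings per LAN host, 0 = no cap
    entries: dict = field(default_factory=dict)  # (src, dst, dport) -> (state, expiry)
    dropped: int = 0

    def expire(self, now):
        self.entries = {k: v for k, v in self.entries.items() if v[1] > now}

    def new_flow(self, now, src, dst, dport):
        """Outbound SYN from LAN host src; True if a mapping was created."""
        self.expire(now)
        if self.per_src_halfopen:
            half = sum(1 for (s, _d, _p), (state, _e) in self.entries.items()
                       if s == src and state == SYN_SENT)
            if half >= self.per_src_halfopen:
                self.dropped += 1
                return False
        if len(self.entries) >= self.capacity:
            self.dropped += 1  # a fragile device falls over here; we just refuse
            return False
        self.entries[(src, dst, dport)] = (SYN_SENT, now + self.syn_timeout)
        return True

    def establish(self, now, src, dst, dport):
        """Handshake completed: promote the mapping to the long timeout."""
        self.entries[(src, dst, dport)] = (ESTABLISHED, now + self.est_timeout)

def syn_sweep(table, src="10.0.0.5", n_hosts=256, rate=100.0):
    """One SYN to port 80 of every host in a /24 at `rate` SYNs per second.
    Returns (mappings created, table size afterwards, SYNs refused)."""
    created = sum(table.new_flow(i / rate, src, f"192.168.0.{i}", 80)
                  for i in range(n_hosts))
    return created, len(table.entries), table.dropped

def other_host_served(table, now=3.0):
    """Can a different LAN host open an unrelated flow right after the sweep?"""
    return table.new_flow(now, "10.0.0.7", "203.0.113.9", 443)
```

Run `syn_sweep` and then `other_host_served` on a `NatTable(128, 60.0, 600.0)` and on a `NatTable(128, 5.0, 600.0, per_src_halfopen=32)` to compare the two behaviours.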