Message-ID: <1064869195.3357.5.camel@ranjeet-pc2.zultys.com>
Date: Mon, 29 Sep 2003 13:59:56 -0700
From: Ranjeet Shetye <ranjeet.shetye2@...tys.com>
To: Claus A <bugtraq-me@....net>
Cc: bugtraq@...urityfocus.com
Subject: Re: SMC Router Denial of Service exploit


On Mon, 2003-09-29 at 13:13, Claus A wrote:
> Hi
> 
> > Tested on an SMC2404WBR - Barricade™ Turbo 11/22 Mbps Wireless Cable/DSL
> > Broadband Router.
> 
> I've just tested this code against my SMC 2404WBR. Firmware Version 1.0.10.
> But it didn't work.
> 
> I saw a lot of UDP & ICMP on the air, but I could access the AP all the
> time. Slower than normal, but there was still a connection. When I stopped the
> attack after ~10 min, everything was just normal.
> 
> > Sending a stream of UDP random packets to multiple ports 0-65000 on the
> > router will cause the router to freeze until a soft reset is performed on
> > it.
> 
> I ran the attack against the wireless port.
> Perhaps it only works on the WAN Port?
> 
> Greets
> Claus

Can confirm DoS weakness in SMC 7004VWBR on WAN side.

Traffic = large loads of UDP and/or ICMP traffic on WAN side.
Stateful Packet Inspection is ON.
Firmware = v1.23 (Part No. 720.638)

(This information pertains to my home network and is unrelated to my
employer Zultys.)

-- 

Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.



