[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20031203185959.K21382-100000@gatekeeper.intra.bartsplace.net>
Date: Wed, 3 Dec 2003 19:13:15 +0100 (CET)
From: Bart van Leeuwen <bart@...tsplace.net>
To: kevin.milne@...il.com
Cc: bugtraq@...urityfocus.com
Subject: Re: speedtouch 510 DOS
The problem as you mention it is something that I have seen as well.
For all I have been able to find, it has to do with the load on the
ethernet port and very likely, with the occurance of collisions on the
ethernet segment it is connected to.
Currently, my modem is connected to a dedicated router with a crosslink,
and I have no problem whatsoever. However, as soon as I use a hub to
connect multiple machines to it, and create substantial load on the
segment so that collisions start occurign regularely, the behavior as
you describe occurs. This is regardless of if the modem has to 'route' the
traffic or not, local traffic will do the trick as well, as long as the
modem gets to see it on its ethernet port.
I have 2 such modems, and tried with 2 borrowed ones, and in all cases the
behavior is identical.
I have not been able to recreate this behavior with an outside attack.
On another note, it seems to be able to overflow the NAT table of the
modem by bombarding it with incomming connections for a port for which an
inbound mapping has been made (no surprise that it is possible, but the
ease with which it is possible is amazing), which will affect every other
inbound nat definition, and will make the browser based user interface
fail.
Id you have to use this modem anyway, use it with a dedicated link to a
machine that is gonna do ppoe and all the nat stuff..
regards, Bart.
Powered by blists - more mailing lists