[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <45CCC05F.8010600@csuohio.edu>
Date: Fri, 09 Feb 2007 13:41:35 -0500
From: Michael Holstein <michael.holstein@...ohio.edu>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: DVR (Digital Video Recorders) + hack?
I've DOS's one with ICMP before using fragmentation attacks (a Nessus
plugin actually did it). Only crashed the web interface .. the unit
still recorded, but you couldn't get to it remotely. Required a
power-cycle to fix.
Vendor has since fixed it with new firmware.
If you're on the same L2 segment, do a MITM with ARP and stash a laptop.
Then just wait for somebody to login.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists