[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SMC Router Denial of Service exploit

To: Claus A <bugtraq-me@xxxxxxx>
Subject: Re: SMC Router Denial of Service exploit
From: Ranjeet Shetye <ranjeet.shetye2@xxxxxxxxxx>
Date: Mon, 29 Sep 2003 13:59:56 -0700

On Mon, 2003-09-29 at 13:13, Claus A wrote:
> Hi
> 
> > Tested on an SMC2404WBR - BarricadeT Turbo 11/22 Mbps Wireless Cable/DSL
> > Broadband Router.
> 
> I ve just tested this code against my SMC 2404WBR. Firmware Version 1.0.10.
> But it didnt work.
> 
> I saw a lot of UDP & ICMP on the air, but I could access the AP all the
> time. Slower as normal but there was still a connection. As stopping the
> attack after ~ 10 min everything was just normal.
> 
> > Sending a stream of UDP random packets to multiple ports 0-65000 on the
> > router will cause the router to freeze until a soft reset is performed on
> > it.
> 
> I ran the attack against the wireless port.
> Perhaps it only works on the WAN Port?
> 
> Greets
> Claus

Can confirm DoS weakness in SMC 7004VWBR on WAN side.

Traffic = large loads of UDP and/or ICMP traffic on WAN side.
Stateful Packet Inspection is ON.
Firmware = v1.23 (Part No. 720.638)

(This information pertains to my home network and is unrelated to my
employer Zultys.)

-- 

Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.

References:
- Re: SMC Router Denial of Service exploit
  - From: Claus A

Prev by Date: sendmail prescan() vulnerability on IRIX
Next by Date: Re: cfengine2-2.0.3 remote exploit for redhat
Previous by thread: Re: SMC Router Denial of Service exploit
Next by thread: @Stake pulls pin on Geer: Effect on research and publication
Index(es):
- Date
- Thread