[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]
- To: Michael Renzmann <security@dylanic.de>
- Subject: Re: [Full-Disclosure] [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]
- From: "Jonathan A. Zdziarski" <jonathan@nuclearelephant.com>
- Date: Thu, 04 Dec 2003 01:41:54 -0500
In a lot of cases, this would only be exploitable internally, since many
configurations are set up not to allow access to the unit externally.
But in any case, there are a lot of other ways to DoS these little
residential boxes. Running macof (part of the dsniff package) will
effectively shut down all traffic on the network. I'm sure arpspoof
without forwarding would do the same thing. I'm surprised these things
don't support something as basic as SSL for authentication (at least the
model I've got doesn't)
On Wed, 2003-12-03 at 23:42, Michael Renzmann wrote:
> Can anyone confirm if technically identical devices such as the Buffalo
> WBR-G54 share this vulnerability?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html