[7625] in bugtraq
Re: DoS in Flowpoint 2000 DSL routers
daemon@ATHENA.MIT.EDU (Tom)
Wed Aug 12 11:02:31 1998
Date: Tue, 11 Aug 1998 22:09:43 -0700
Reply-To: Tom <tom@HOOKED.NET>
From: Tom <tom@HOOKED.NET>
X-To: Jason Ackley <jason@ackley.net>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Tue, 11 Aug 1998 20:35:20 PDT."
<Pine.BSI.3.95.980811192325.6674D-100000@llama.ackley.net>
On Tue, 11 Aug 1998 20:35:20 PDT, Jason Ackley writes:
>Hello,
>
>Quick Overview:
>
>There exists a DoS in Flowpoint's (A)DSL 2000 router ('fp2k')
>running software rev 1.2.3 (anyone have other revs to test?)
>
>Lil Backgrounder:
>
>Flowpoint builds the routers and distributes them through various OEMs and
>VARs, one that I know of is Diamond Lane Commuications, so if you have a
>DSL router its best to take a peak at it real quick(tm). Basically its not
>much bigger than a modem, has six blinky lights on the front.
>
>
>Vendor Status:
>
>I informed Flowpoint of this problem on Fri May 29, Flowpoint responded on
>Mon Jun 1 with a fix and an apology for not responding to me sooner! Quick
>Service!
>
My biggest gripe with fp2000 was the unrestricted "read only" access to
telnet and snmp ports.
FP has been very responsive to customer feedback and v1.4.3 supports access
lists. There was also a nasty memory leak in earlier versions that would cause
the router to die for no apparant reason, they granted access to a beta
version that fixed it some time ago.
Looks like 1.43 will only take X chars.
Escape character is '^]'.
FlowPoint/2000 ADSL Router v1.4.3 Ready
> login dfljsdlfjsdkfjsdlkffffffffffffsdlkfjlksdfjlwrejfopiwjflksfdslkfjsdlkfjsdlkfjdslkfjdslkfjdslfjsdlkfjsdlkfjdslfjdslkflkfslkfjsdlkfsdlkfsdlkfdslkfsdlkjfsdlkfjsdlkfslkfsdlkfsdlkfsdlkfsdlkfsdlkfsdlkfjsdlkfjsdlkfjsdlkfsdlkfsdlkfsdlkfsdlkfsdlkfsdlkfsdlkfsdlkfsdlkfsdlkjfsdlkfjsdlkjfdsjflksdflksdfsldkfsldkfsdlkfjsdlkfdslkfdslkfjsdlkfjsdlkjfsdljforewirjweruweurpweurpwewefwlkfjwelfhjewpirewpfpweofpwekfpwekfpwejfpwjfowefjwefwejfipwejfwejpfwjepfwejpfwejfpwejfpwejfpwejfpwefpweofpwefpowejfwpeijfwpejfpwejfwepfjwepfjwepfjwepfjwepfjwepfjewpfjwepfjwepfwejpfjewpfwejpfwejfpwejfpwefjwpejfwepfjwepfjwepfwjepfjwepfwejpfwjepfwejfpwejfpwefjwpefjwepfjwepfjwepfewjpfwejpfwejfpwefjpewjfwepfjwpefjwpefjpwfjwepfjwepfjwepfjwepjfwepfjwepfjwepfjwepfjwepfjwepfwjefpwejfpewjfpwejfpwejfpwejfpwejfpwejfwepfwepjfwpejfpwejfwpejfewpjfpwefpwejfpewjfpwejfpwejfpwejfpwefjweksdlkjfpwepweiwoip;dsfjg;jpogjrepojreipewrut083475034503459534907340957-043-68458607034750j4rejtlkrejtlkerwjrepitjre0u43-0u-0jrptjepo34ujt0934t4j!
pj!
34pjtrepoitj4309ru0wtj43pjew0irjt
Wrong password! Try logging in again.
>
--
Tom Jansen - Sysadmin
GST - Whole Earth Networks
mknod /dev/spam c 2 2 ; chmod 666 /dev/spam ; echo " >/dev/spam" > ~/.forward
