[27385] in bugtraq
Re: TCP flood against NetGear FM114P
daemon@ATHENA.MIT.EDU (Stephen Samuel)
Thu Oct 10 16:06:28 2002
Message-ID: <3DA5C9C1.8070705@bcgreen.com>
Date: Thu, 10 Oct 2002 11:41:05 -0700
From: Stephen Samuel <samuel@bcgreen.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Try putting a snooper (ethereal or even just tcpdump) on the outside of
your netgear (if you have a spare hub handy). From those *extremely*
varied hit counts needed to crash the box, I'm guessing that something
else is needed to trigger a failure besides just massive connects.
It may be a race condition or a specific pattern in sequence nunbers, or....
I'm guessing that you could also crash it with multiple connects *through*
the firewall. That would explain your availability troubles.
Marc Ruef wrote:
>> I've got a lot of availability trouble with my NetGear FM114P. After
.....
> It is interessting that there is no exact value for the success. All of
> them are between the large scale of 4349 and 125802. It's possible to do
> this attack by brute forceing the htaccess password of the web interface
.....
--
Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication, reaching through fear, uncertainty and
doubt to touch the jewel within each person and bring it to life.
