[28434] in bugtraq
Re: Efficient Networks 5861 DSL Router
daemon@ATHENA.MIT.EDU (Andrew Hodgson)
Wed Jan 15 14:45:55 2003
From: Andrew Hodgson <andrew@hodgsonfamily.org>
To: "Greg Bolshaw" <greg@optionsinternet.com>
Date: Fri, 10 Jan 2003 14:00:07 +0000
Message-ID: <e9kt1vo8h0kb0v2ntufbjkp07sq97uivb4@mail.hodgsonfamily.org>
In-Reply-To: <CKEBLHDLGBAGIFNMEHCIIEMLCAAA.greg@optionsinternet.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
On Fri, 10 Jan 2003 11:05:01 -0000, "Greg Bolshaw"
<greg@optionsinternet.com> wrote:
>Product: Efficient Networks 5861 DSL Router
> http://www.efficient.com/ebz/5800.html
>Tested version: 5.3.80 (Latest firmware)
>Advisory date: 10/01/2003
>Severity: Moderate
>
>Background
>
[...]
>
>As far as I am aware, the 5861 is the standard router provided to all ADSL
>business customers in the UK.
From which provider?
>
>Details
>
>When using the builtin IP filtering to block incoming TCP SYN flags, a
>simple portscan to the WAN interface of the router will cause the it to lock
>up, and eventually restart.
I have confirmed this using the Sygate port scanner found at
http://scan.sygate.com.
[...]
>Solution
>
>There is currently no fix for this exploit. I have contacted Efficient
>Networks to inform them of the problem.
A workarround is to disable the filtering on the router and make sure
all unsolicited packets are forwarded to a machine with a capable
firewall installed. This is what I am doing in one instance.
Andrew.
--
Andrew Hodgson, Bromyard, Herefordshire, UK.
Email: Andrew@hodgsonfamily.org
