[31888] in bugtraq
Re: SMC Router Denial of Service exploit
daemon@ATHENA.MIT.EDU (Ranjeet Shetye)
Mon Sep 29 17:40:47 2003
From: Ranjeet Shetye <ranjeet.shetye2@zultys.com>
To: Claus A <bugtraq-me@gmx.net>
Cc: bugtraq@securityfocus.com
In-Reply-To: <OOEJKOIBKKKDEOACNCBHGEFKCBAA.bugtraq-me@gmx.net>
Content-Type: text/plain
Message-Id: <1064869195.3357.5.camel@ranjeet-pc2.zultys.com>
Mime-Version: 1.0
Date: Mon, 29 Sep 2003 13:59:56 -0700
Content-Transfer-Encoding: 7bit
On Mon, 2003-09-29 at 13:13, Claus A wrote:
> Hi
>
> > Tested on an SMC2404WBR - BarricadeT Turbo 11/22 Mbps Wireless Cable/DSL
> > Broadband Router.
>
> I ve just tested this code against my SMC 2404WBR. Firmware Version 1.0.10.
> But it didnt work.
>
> I saw a lot of UDP & ICMP on the air, but I could access the AP all the
> time. Slower as normal but there was still a connection. As stopping the
> attack after ~ 10 min everything was just normal.
>
> > Sending a stream of UDP random packets to multiple ports 0-65000 on the
> > router will cause the router to freeze until a soft reset is performed on
> > it.
>
> I ran the attack against the wireless port.
> Perhaps it only works on the WAN Port?
>
> Greets
> Claus
Can confirm DoS weakness in SMC 7004VWBR on WAN side.
Traffic = large loads of UDP and/or ICMP traffic on WAN side.
Stateful Packet Inspection is ON.
Firmware = v1.23 (Part No. 720.638)
(This information pertains to my home network and is unrelated to my
employer Zultys.)
--
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.
