-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 WHICH ONES: The Netgear ISDN RH348 and RT328, and possibly the Zyxel P128imh (same firmware). HOW: Door #1: SYN scan the router with nmap. It'll deny all connections to port 23 after that for about 5 minutes per packet. DoSing it in this way is trivial. Of course spoofed packets work just great. Door #2: Telnet to it. Sit there. No one else can manage it, regardless of if you have authenticated or not. Door #3: Send it tons of ICMP redirects, it'll stop routing packets at all during the storm (which can be fairly light) and it'll take about 30 seconds to recover. (try winfreeze.c) Door #4: Send it some contrived RIP packets with host routes for your favorite people in the office set to loopback. The default is to allow RIP-2B in both directions. Quick Fix: Use an ACL in the router to deny access to everywhere but your management station. Turn RIP off if you can, if not then try to only broadcast RIP, not listen. These routers don't support any other type of distance vector protocols, and fortunately they don't do link state protocols at all (ie.. no redistribution of bogus routes learned and trusted by any evil haxx0r on the network). That's fine with me, I doubt I'll be housing my ASN on an ISDN line anytime soon, but that's just me. - -- __________________________________________________ Swift Griggs - Janitor, Secretary, Router dude. Some will rise by sin and some by virtue fall PGP(GPG) Key ID D38E3D91 | InterNIC Handle SG1991 Key fingerprint for the key that I use is here: 010C A7E3 A630 8107 E9A5 F9AD 82D6 BA10 D38E 3D91 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: Using GPG 1.1 iD8DBQE4tt8qgta6ENOOPZERAjSYAJ4zThI0EV9lRb8D1yWjA/P9LuOtlQCeIfU2 cVHrE6DZ8UpISE3gvrycwnk= =7glx -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:37:15 PDT