Re: DoSing the Netgear ISDN RT34x router.

From: Mike Wade (mwadeat_private)
Date: Fri Feb 25 2000 - 18:59:07 PST


On Fri, 25 Feb 2000, Swift Griggs wrote:

> HOW:
> Door #1: SYN scan the router with nmap. It'll deny all connections to port
>          23 after that for about 5 minutes per packet. DoSing it in
>          this way is trivial. Of course spoofed packets work just
>          great.
>
> Door #2: Telnet to it. Sit there. No one else can manage it, regardless
>          of whether you have authenticated or not.
>
> Door #3: Send it tons of ICMP redirects, it'll stop routing packets at
>          all during the storm (which can be fairly light) and it'll
>          take about 30 seconds to recover. (try winfreeze.c)
>
> Door #4: Send it some contrived RIP packets with host routes for your
>          favorite people in the office set to loopback. The default
>          is to allow RIP-2B in both directions.
I own one of these gimpy so-called routers and have found many bugs that
are similar to the ones you've mentioned.  Generally, I've found the
TCP/IP stack + NAT features to be of very low quality.  Perhaps this is to
be expected at a low price point, but their firmware is just plain broken.

Bug #5: Send a single UDP packet between 63000 - 65000 bytes to the router
        from local or remote.  This will lock the router up for between 15 -
        30 seconds and sometimes reboot it.  Sending these packets once about
        every 10 seconds is enough to keep the router locked up forever.
        Perhaps this is a memory issue?

Bug #6: Broken and sometimes legit IRC DCC and Real Audio/Video
        requests (film.com's trailers usually send my router into endless
        reboots) often cause the router to reboot when using NAT.  This
        is obviously just sad coding.

Bug #7: Legit traffic is often dropped in NAT mode after >12 hours of
        connection time (I assume the NAT tables leak).  Open connections
        are not affected; however, no new connections will be created.  The
        only solution is to disconnect or reboot the router.  I believe
        this to be related to poor timing out of UDP packets such as DNS
        queries sitting stale in the NAT table.

I'm sure there are plenty of other bugs that can be found dealing with the
TCP/IP stack and NAT mode.  The current release version of firmware for
these routers is '1.50(C.00)', but I do have a beta version of the firmware
that I have not tested that is labeled '2.20 Beta 15' from August of 1999.

I see Netgear has some newer model ISDN routers available.  Is Netgear
even supporting these routers any more?

---
Mike Wade (mwadeat_private)
Director of Systems Administration
CDC Internet, Inc.
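The NAT-table exhaustion behaviour described in Bug #7, shown with an added toy model (example code written for this archive page, not Netgear firmware): if short-lived UDP flows such as DNS lookups are never aged out, the table fills and new connections are refused while established ones keep working, and a per-protocol idle timeout is what prevents it. Capacity, timeouts and addresses are assumed values chosen for the demonstration.

```python
# Idle timeouts per protocol in seconds. Assumed demo values, not the router's
# real settings: DNS-style UDP entries must expire far faster than TCP sessions.
TIMEOUTS = {"tcp": 12 * 3600, "udp": 60}


class NatTable:
    """Toy NAT session table with a fixed capacity and optional idle-timeout reaping."""

    def __init__(self, capacity, reap=True):
        self.capacity = capacity
        self.reap = reap
        self.entries = {}  # (proto, src, dst) -> timestamp of last packet seen

    def _reap(self, now):
        if not self.reap:
            return  # the leaky behaviour: stale entries are never removed
        stale = [k for k, seen in self.entries.items() if now - seen > TIMEOUTS[k[0]]]
        for k in stale:
            del self.entries[k]

    def translate(self, proto, src, dst, now):
        """True if the flow is mapped (existing or newly created), False if refused."""
        key = (proto, src, dst)
        if key in self.entries:
            self.entries[key] = now  # established flows keep working regardless
            return True
        self._reap(now)
        if len(self.entries) >= self.capacity:
            return False  # table exhausted: only *new* flows fail, as in Bug #7
        self.entries[key] = now
        return True


def simulate(reap):
    """One long-lived TCP session plus a DNS query every 10 minutes for a day.
    Returns (tcp_still_ok, new_udp_ok) at the end of the run."""
    nat = NatTable(capacity=64, reap=reap)
    tcp_flow = ("tcp", ("10.0.0.5", 40000), ("203.0.113.9", 22))  # constructed addresses
    nat.translate(*tcp_flow, now=0)
    for i in range(200):
        now = i * 600
        nat.translate(*tcp_flow, now=now)
        # each query uses a fresh source port, so each one needs a new table entry
        nat.translate("udp", ("10.0.0.5", 50000 + i), ("192.0.2.53", 53), now)
    end = 200 * 600
    tcp_ok = nat.translate(*tcp_flow, now=end)
    udp_ok = nat.translate("udp", ("10.0.0.5", 60000), ("192.0.2.53", 53), end)
    return tcp_ok, udp_ok
```

Running `simulate(False)` reproduces the reported symptom (established session fine, new lookups refused), while `simulate(True)` shows the same traffic with UDP entries aged out.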
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:37:35 PDT