Hi! I've got a lot of availability trouble with my NetGear FM114P. After asking the support and no good answer I started doing some test for myself. It seems possible to crash the NetGear FM114P with many TCP connects. I did some tests on my FM114P firmware Version 1.3 Release 05 and these are the needed connection attempts: 4349 15641 125802 22185 44395 62564 9865 22102 108132 42314 It is interessting that there is no exact value for the success. All of them are between the large scale of 4349 and 125802. It's possible to do this attack by brute forceing the htaccess password of the web interface (e.g. with WWWhack). But such an attack is recorded in the log files as following: --- fwlog begin --- [...] Sun, 2002-10-06 21:23:40 - Administrator login fail, Password error - IP:192.168.0.2 Sun, 2002-10-06 21:23:41 - Administrator login fail, Password error - IP:192.168.0.2 Sun, 2002-10-06 21:23:41 - Administrator login fail, Password error - IP:192.168.0.2 [...] --- fwlog end --- After this, the whole firewall freezes: - You can't ping the box - You can't connect to the web interface - There is no troughput possible - The firewall doesn't mail the scheduled log files You need to reboot the tiny box to get a running system. I've tried the same game with ping flooding, but there was no success. I hope this bug will be fixed in an upcoming firmware release. Bye, Marc -- Computer, Technik und Security http://www.computec.ch
This archive was generated by hypermail 2b30 : Thu Oct 10 2002 - 11:16:13 PDT