Re: CR and Cable Modems

From: Michel Arboi (arboiat_private)
Date: Wed Aug 08 2001 - 08:28:05 PDT

  • Next message: R. Boon: "Re: Code red II crashes cisco 678"

     --- Mike <bugginat_private> a écrit : 
    > Is it possible for the CR worm to affect the 
    > performance of a cable modem if that modem has a 
    > built in web based configuration tool that is accessed 
    > via a 192 static ip?
    
    The worm could probe the modem if the web server can be accessed from
    outside.  (BTW, it seems it could generate the RFC 1918 address, as it
    only skips 127.*, 224.* and its own current IP)
    
    192.168.* should not be routed to Internet, but I could see that they
    are often blocked deep into the network infrastructure, far from the
    end users (try a traceroute, and you may have answers from a dozen of
    gateways, depending on your ISP organization)
    So if the worm attacks from another customer of the same ISP, it might
    reach the modem.
    Source routed packets do not go very far on Internet, and cannot be
    used efficiently for TCP AFAIK. (And the worm is not known to use such
    a feature) 
    
    The performance problem looks odd: if the modem blacklists the
    attacker, this should only block IP in the same block as yours, not
    distant servers.
    
    Just my EUR 0.0228
    
    
    
    ___________________________________________________________
    Do You Yahoo!? -- Vos albums photos en ligne, 
    Yahoo! Photos : http://fr.photos.yahoo.com
    



    This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 10:24:55 PDT