Re: [Full-Disclosure] [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]

From: Jonathan A. Zdziarski (jonathan_at_nuclearelephant.com)
Date: 12/04/03

  • Next message: Jonathan A. Zdziarski: "Re: [Full-Disclosure] [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]"
    To: Michael Renzmann <security@dylanic.de>
    Date: Thu, 04 Dec 2003 01:41:54 -0500
    
    

    In a lot of cases, this would only be exploitable internally, since many
    configurations are set up not to allow access to the unit externally.
    But in any case, there are a lot of other ways to DoS these little
    residential boxes. Running macof (part of the dsniff package) will
    effectively shut down all traffic on the network. I'm sure arpspoof
    without forwarding would do the same thing. I'm surprised these things
    don't support something as basic as SSL for authentication (at least the
    model I've got doesn't)

    On Wed, 2003-12-03 at 23:42, Michael Renzmann wrote:
    > Can anyone confirm if technically identical devices such as the Buffalo
    > WBR-G54 share this vulnerability?

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Jonathan A. Zdziarski: "Re: [Full-Disclosure] [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]"

    Relevant Pages

    • Re: Windows 2K3 and Virtual Server 2005 guests NAT problem
      ... internal network. ... Ethernet adapter "MS Loopback Adapter": ... Configurations received on the client side ...
      (microsoft.public.windows.server.networking)
    • Re: Consulting License Offer
      ... To take many configurations and nessus/qualys scans and put them together into a graphical representation has been quite nice, and the user interface is well thought out for an initially released product. ... consultants, pen testers and auditors Redseal develops a product called Security Risk Manager, it does the ... Builds a network blueprint of all permitted traffic flows which you can ... The product has been referenced by some consultants as the first way to ...
      (Pen-Test)
    • Re: Intermittently Companyweb access fails
      ... configurations however I don't believe Static IP/DHCP configurations play ... Connection-specific DNS Suffix. ... address in the middle of your network as you're doing, ... And sometime later the user experiencing the ...
      (microsoft.public.windows.server.sbs)
    • RE: ?: natd and ipfw
      ... A> i am somewhat new at fbsd, and i am setting up a firewall for a network. ... A> my website to my DMZ side of the network? ... forwarded to machine 10.0.1.1 port 25. ... A> use a host name instead of an ip address in natd configurations? ...
      (FreeBSD-Security)
    • Re: ?: natd and ipfw
      ... A> i am somewhat new at fbsd, and i am setting up a firewall for a network. ... A> my website to my DMZ side of the network? ... forwarded to machine 10.0.1.1 port 25. ... A> use a host name instead of an ip address in natd configurations? ...
      (FreeBSD-Security)