Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: Cayman 3220H DSL Router Software Update and New Bonus Attack
Date: Tue May 23 2000 - 19:48:25 CDT
- Next message: Ussr Labs: "HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability"
- Previous message: Clover Andrew: "Re: Another hole in Cart32"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Cayman 3220H DSL Router Software Update and New Bonus Attack
Cayman has released a new software image (version 5.5.0 build r1) to fix
the DoS attack I reported a couple weeks ago.
Details on the attack can be found here -> http://www.securityfocus.com/vdb/bottom.html?vid=1219
You can get the new software image here --> ftp://www.cayman.com/pub/gatorsurf/3220/c8a550R1.COS
Unfortunately I found another attack right about the same time they notified
me about the software update.
Versions 5.5 Build R0, 5.3 Build R2, 5.3 Build R1, probably all other versions
and the latest update are vulnerable to ping of death attacks. Vendor has
ping -t -l 65500 victim.example.com
All replies will say "Request timed out."
Send it some normal pings too. When you get time outs from normal sized
pings the attack should be done.
I have had all kinds of different results from this. Sometimes it stops
telnet and http admin services. Other times the services stay up but the
router restarts without routing. If the router survives just keep hammering
it. It will eventually hose in one way or another.
IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.