From: Bennett Todd (betrahul.net)
Date: Tue May 07 2002 - 15:12:55 CDT


    Doing some routine auditing of a wireless net, I found that some of the access
    points were listening on UDP port 17185. Turns out that makes sense; that's
    the wndrpc port, for WindRiver Network Debugging --- it uses a private ONC RPC
    protocol (according to docs turned up through Google, on RPC program number
    55555555 version 1) to support remote debugging. This is a scary thing to find
    left enabled in a shipped product.

    Does anybody have any idea how someone who doesn't own a copy of VxWorks could
    test to find out for sure whether this port is really active, or whether the
    IP stack is just failing to return an error for packets thrown at it despite
    having WND disabled?

    NB: I don't need an exploit, or even a DoS; a simple ping would be fine. Or
    even enough details about the protocol to craft one. Seems I can't find any of
    the fine details for the over-the-wire protocol, and the RPC header files are
    part of the VxWorks product, not publicly available.

    -Bennett