Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Knud Erik Højgaard (knudcybercity.dk)
Date: Tue Mar 12 2002 - 10:17:16 CST
No answer/bounce, so I'm trying a repost here..
Denial of Service in ZyXEL ZyWALL10 - http://www.zyxel.com/product/security/zywall10.htm
About half a year ago I found a 'funny' DoS condition in the ZyWALL10. ZyXEL was informed, and they at least confirmed the bug, but i believe that's all i heard. According to www.zyxel.com a new firmware for the ZyWALL10 was released 2002/01/10 - i wrote an email to a ZyXEL employee, and the bug is fixed in this version.
The DoS is simple, using nemesis-arp (from The NEMESIS Project) or a similar tool (like arp-fun) it's possible to make the firewall drop its LAN connection.
If you send an arp packet containing some bogus/random MAC address and the firewalls ip to the firewalls lan interface the firewall will 'down' the lan interface and never 'up' it again. The firewall needs a powercycle to restore function, but thats not all. The firewall never 'reopens' the lan interface, so you need to connect via a console cable, go to the lan setup menu, and press enter a few times to 'confirm' the settings to get it back in working order. Sort of a pain in the rear if the firewall is behind a locked door..
nemesis-arp -S 10.0.0.1 -D 10.0.0.1 -h de:ad:ba:be:f0:0d -d ed1
(in this case the firewall's IP is 10.0.0.1 and the ethernet adapter is ed1)
Manzon, Merkinball, SiGNOUT, evilpoo, ewadoh, |ole|, zaarnik, ZyXEL.
From me me me, Knud Erik Højgaard.