Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 TCP Flood and Authentication Cracking Causes NETGEAR FM114P to Hang
Categorie: Vulnerability
Posted: 2002-10-13 by Gmtech
Views: 721
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
A security vulnerability in the NETGEAR FM114P allows remote attackers to cause the product to crash by initiating a large number of TCP connections, or by trying to brute force the password used in the administrator's web interface



It seems possible to crash the NETGEAR FM114P with many TCP connects. Marc did some tests on his FM114P firmware Version 1.3 Release 05 and these are the needed connection attempts:

4349

15641

125802

22185

44395

62564

9865

22102

108132

42314



It appears that there is no exact value from which the NETGEAR will crash. However, all of them are between the scale of 4349 and 125802.



It's also possible to cause this vulnerability by trying to brute force the htaccess password of the web interface (e.g. with WWWhack). Note however, that such an attack is recorded in the log files as following:



--- fwlog begin ---



[...]

Sun, 2002-10-06 21:23:40 - Administrator login fail, Password error - IP:192.168.0.2

Sun, 2002-10-06 21:23:41 - Administrator login fail, Password error - IP:192.168.0.2

Sun, 2002-10-06 21:23:41 - Administrator login fail, Password error - IP:192.168.0.2

[...]



--- fwlog end ---



After this (and after the TCP flood), the whole firewall freezes:

- You can't ping the box

- You can't connect to the web interface

- No throughput is possible

- The firewall doesn't mail the scheduled log files



The only way to restore normal operation would be to reboot the tiny box.


 
 Links
Cisco Secure Content Accelerator Vulnerable to SSL Worm
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=52

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES