An ISP of their own (was RE: [rescue] Being jobless)
alaric at caerllewys.net
Mon Jul 28 16:34:20 CDT 2003
On Mon, Jul 28, 2003 at 04:06:48PM -0500, Mike Hebel wrote:
> On Monday, July 28, 2003, at 04:02 PM, Phil Stracchino wrote:
> >And, lacking an IP, you can't portscan it to see if it falls down. (A
> >Speedstream 58xx will go immediately to 100% CPU and stop routing
> Source please! Our 58xx here seems to lock up intermittently. I also
> see a lot of nimda and other traffic in the logs.
You can find the announcement someplace on Efficient Networks' site ...
I don't have an exact URL, sorry. (It says they discovered it
themselves, but I found it and reported it to them long before they
admitted it exists.) At the time I was testing it, all versions of 58xx
firmware accessible to me were vulnerable, and at the time they finally
disclosed it, all versions of 58xx firmware were (according to them)
I first learned about it when I asked a friend outside our net to
portscan our entire netblock with nmap to test my security-from-outside.
My DSL connection died within about thirty seconds, and the router
console became unresponsive. We tried this several times and it was
quite consistent. So I tried portscanning it from the inside, and with
10 megabits of bandwidth available to scan, it not only went to 100% CPU
and stopped responding, it rebooted after about 45 seconds to a minute.
It would continue to do so as long as you kept scanning it.
I then started installing and testing other versions of the firmware up
to the latest Efficient had available, and located a few other people
with different 58xx models and (with their permission) portscanned them
for test purposes. The result was the same in every case: start nmap
portscan against 58xx of any firmware revision, 58xx fall down, go boom.
.********* Fight Back! It may not be just YOUR life at risk. *********.
: phil stracchino : unix ronin : renaissance man : mystic zen biker geek :
: alaric at caerllewys.net : alaric-ruthven at earthlink.net : phil at latt.net :
: 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold) :
: Linux Now! ...Because friends don't let friends use Microsoft. :