An ISP of their own (was RE: [rescue] Being jobless)

Phil Stracchino alaric at caerllewys.net
Mon Jul 28 16:34:20 CDT 2003


On Mon, Jul 28, 2003 at 04:06:48PM -0500, Mike Hebel wrote:
> On Monday, July 28, 2003, at 04:02 PM, Phil Stracchino wrote:
> >And, lacking an IP, you can't portscan it to see if it falls down.  (A
> >Speedstream 58xx will go immediately to 100% CPU and stop routing
> >traffic.)
> 
> Source please!  Our 58xx here seems to lock up intermittently.  I also 
> see a lot of nimda and other traffic in the logs.

You can find the announcement someplace on Efficient Networks' site ...
I don't have an exact URL, sorry.  (It says they discovered it
themselves, but I found it and reported it to them long before they
admitted it exists.)  At the time I was testing it, all versions of 58xx
firmware accessible to me were vulnerable, and at the time they finally
disclosed it, all versions of 58xx firmware were (according to them)
still vulnerable.

I first learned about it when I asked a friend outside our net to
portscan our entire netblock with nmap to test my security-from-outside.
My DSL connection died within about thirty seconds, and the router
console became unresponsive.  We tried this several times and it was
quite consistent.  So I tried portscanning it from the inside, and with
10 megabits of bandwidth available to scan, it not only went to 100% CPU
and stopped responsing, it rebooted after about 45 seconds to a minute.
It would continue to do so as long as you kept scanning it.

I then started installing and testing other versions of the firmware up
to the latest Efficient had available, and located a few other people
with different 58xx models and (with their permission) portscanned them
for test purposes.  The result was the same in every case:  start nmap
portscan against 58xx of any firmware revision, 58xx fall down, go boom.


-- 
 .*********  Fight Back!  It may not be just YOUR life at risk.  *********.
 : phil stracchino : unix ronin : renaissance man : mystic zen biker geek :
 :  alaric at caerllewys.net : alaric-ruthven at earthlink.net : phil at latt.net  :
 :   2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)   :
 :    Linux Now!   ...Because friends don't let friends use Microsoft.    :



More information about the rescue mailing list