Date: Oct 16 2000 10:47:14 EDT
From: "Kevison Dennys Carrilho Bentes" <[EMAIL PROTECTED]>
Subject: [redewan] Fw: Cisco 678 exploit

Kevison Dennys Carrilho Bentes
Network Manager
Air System Network
Brasília - DF, Brazil
Phone: 55 61 313-8002
Fax: 55 61 313-8008
[EMAIL PROTECTED]
----- Original Message -----
From: "George" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 11, 2000 10:55 PM
Subject: Cisco 678 exploit
| Let me start off by saying I'm no network expert but I found something that
| I thought was rather interesting.
|
| Setup: Cisco 678 DSL router connecting 2 machines to the internet. Machines
| are using routable IP addresses (NAT is disabled) and are fully pingable
| from the internet side.
|
| By sending the following broadcast packet from Machine1, Machine2 can no
| longer talk to the internet. I don't know enough about protocols to know why
| but I think the broadcast is changing something in the 678 router judging
| from the network sniff I ran.
|
| Anyway, this is the packet:
|
| 00000: FF FF FF FF FF FF 00 80 29 61 9B 39 00 2C E0 E0 ........)a.9.,..
| 00010: 03 FF FF 00 28 00 01 00 00 00 00 FF FF FF FF FF ....(...........
| 00020: FF 04 53 00 00 00 00 00 80 29 61 9B 39 04 53 00 ..S......)a.9.S.
| 00030: 02 92 23 33 C3 00 01 00 02 00 ..#3......
|
| It is an IPX RIP broadcast of some kind (RIPX) and within a second or two of
| this packet Machine2 drops off the internet. Machine2 does not have IPX
| installed, only TCP/IP.
|
| Is there anyone on this list who could help me track this down further? It
| seems to me that if this is in fact affecting the router and not machine2
| that this would be a very simple way for one person inside a company to
| knock out the internet connection so I think it could classify as an
| exploit.
|
| Geo.
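
A field-level decode of the frame quoted in the message, added here as an example and not part of the original post. It assumes the standard 802.3, 802.2 LLC and IPX header layouts; the function and dictionary key names are illustrative.

```python
import struct

# Bytes copied from the hex dump in the message (offset/ASCII columns dropped).
FRAME = bytes.fromhex(
    "FF FF FF FF FF FF 00 80 29 61 9B 39 00 2C E0 E0 "
    "03 FF FF 00 28 00 01 00 00 00 00 FF FF FF FF FF "
    "FF 04 53 00 00 00 00 00 80 29 61 9B 39 04 53 00 "
    "02 92 23 33 C3 00 01 00 02 00"
)

IPX_HDR = struct.Struct(">HHBB4s6sH4s6sH")   # 30-byte IPX header
RIP_SOCKET = 0x0453                          # IPX RIP well-known socket
RIP_OPS = {1: "request", 2: "response"}


def mac(b):
    return ":".join(f"{x:02X}" for x in b)


def decode_ipx_rip(frame):
    """Decode an 802.3 + 802.2 LLC frame carrying IPX; names are illustrative."""
    dst, src, length = struct.unpack_from(">6s6sH", frame, 0)
    if length > 1500:
        raise ValueError("Ethernet II type field, not an 802.3 length")
    if frame[14:17] != b"\xE0\xE0\x03":      # Novell SAP, unnumbered info
        raise ValueError("LLC header is not IPX over 802.2")
    if len(frame) < 17 + IPX_HDR.size:
        raise ValueError("truncated IPX header")
    (cksum, ipx_len, hops_tc, ptype, dnet, dnode, dsock,
     snet, snode, ssock) = IPX_HDR.unpack_from(frame, 17)
    payload = frame[17 + IPX_HDR.size:17 + ipx_len]  # excludes 802.3 pad byte
    out = {
        "dst_mac": mac(dst), "src_mac": mac(src), "dot3_len": length,
        "ipx_len": ipx_len, "packet_type": ptype,
        "dst": (dnet.hex().upper(), mac(dnode), dsock),
        "src": (snet.hex().upper(), mac(snode), ssock),
    }
    if dsock == RIP_SOCKET and len(payload) >= 2:
        out["rip_op"] = RIP_OPS.get(payload[0] << 8 | payload[1], "unknown")
        body = payload[2:]
        body = body[:len(body) // 8 * 8]     # whole 8-byte route entries only
        out["routes"] = [
            {"network": net.hex().upper(), "hops": hops, "ticks": ticks}
            for net, hops, ticks in struct.iter_unpack(">4sHH", body)
        ]
    return out


if __name__ == "__main__":
    for key, value in decode_ipx_rip(FRAME).items():
        print(f"{key:12} {value}")
```

On the quoted frame this yields an IPX RIP response with a single route entry (network 922333C3, 1 hop, 2 ticks), sent from socket 0x0453 to the broadcast node on network 00000000.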