On Fri, 10 Jan 2003 11:05:01 -0000, "Greg Bolshaw"
<greg (at) optionsinternet (dot) com [email concealed]> wrote:
>Product: Efficient Networks 5861 DSL Router
> http://www.efficient.com/ebz/5800.html
>Tested version: 5.3.80 (Latest firmware)
>Advisory date: 10/01/2003
>Severity: Moderate
>
>Background
>
[...]
>
>As far as I am aware, the 5861 is the standard router provided to all ADSL
>business customers in the UK.
From which provider?
>
>Details
>
>When using the builtin IP filtering to block incoming TCP SYN flags, a
>simple portscan to the WAN interface of the router will cause the it to lock
>up, and eventually restart.
I have confirmed this using the Sygate port scanner found at
http://scan.sygate.com.
[...]
>Solution
>
>There is currently no fix for this exploit. I have contacted Efficient
>Networks to inform them of the problem.
A workarround is to disable the filtering on the router and make sure
all unsolicited packets are forwarded to a machine with a capable
firewall installed. This is what I am doing in one instance.
Andrew.
--
Andrew Hodgson, Bromyard, Herefordshire, UK.
Email: Andrew (at) hodgsonfamily (dot) org [email concealed]
<greg (at) optionsinternet (dot) com [email concealed]> wrote:
>Product: Efficient Networks 5861 DSL Router
> http://www.efficient.com/ebz/5800.html
>Tested version: 5.3.80 (Latest firmware)
>Advisory date: 10/01/2003
>Severity: Moderate
>
>Background
>
[...]
>
>As far as I am aware, the 5861 is the standard router provided to all ADSL
>business customers in the UK.
From which provider?
>
>Details
>
>When using the builtin IP filtering to block incoming TCP SYN flags, a
>simple portscan to the WAN interface of the router will cause the it to lock
>up, and eventually restart.
I have confirmed this using the Sygate port scanner found at
http://scan.sygate.com.
[...]
>Solution
>
>There is currently no fix for this exploit. I have contacted Efficient
>Networks to inform them of the problem.
A workarround is to disable the filtering on the router and make sure
all unsolicited packets are forwarded to a machine with a capable
firewall installed. This is what I am doing in one instance.
Andrew.
--
Andrew Hodgson, Bromyard, Herefordshire, UK.
Email: Andrew (at) hodgsonfamily (dot) org [email concealed]
[ reply ]