Re: 3Com OfficeConnect 812/840 Router DoS exploit code

["Raistlin" <raistlin () gioco net>]

> // 3Com OfficeConnect 812/840 ADSL Router Denial of Service (maybe others)

Filtering port 80 on the WAN interface is enough to prevent this DoS. Port
53 UDP and port 23 telnet are also wide open by default. In fact, this is
(IMHO) a bad symptom of lack of care in security.

As another issue, 3com 812 ADSL routers do NAT. This is great since you plug
in up to 40 PCs and do not have to care very much about settings. However,
the TCP/IP stack of these routers shamelessly uses fixed-increment ISNs on
packets, thus making a connection hijack / spoofing attack fairly simple.
Since they do NAT, every outbound packet suffers of this "carelessness".

I hope that someone from 3com hears us here... since on their whole site
there is NO SECURITY CONTACT whatsoever. This is another bad sign for a
network hardware vendor.

Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys