Re: [Fwd: Bug in alcatel speed touch home adsl modem]

[Peter Wohlers <pedro () whack org>]

Hi-

Just so you know that this might not necessarily be an isolated issue with home dsl routers:

Lemme guess, you're natting?  

If so, what's probably happening is that the process of doing port address translation doing port scans just pegs the
cpu and crashes the thing. 

The really funny thing is that you can even replicate this behavior on Cisco 6509's with MSFC-1's where you're using PAT
as well. The Cisco issue with nmap is that the PAT process makes the CPU so busy that it quits responding to scppings,
which the switch uses to determine if the router is alive or not. Since the router is so busy tearing down nat
translations, the switch thinks it has died and resets (yes! power-cycles) the integrated router module.

Cisco claims that this problem was fixed with the msfc2, but I haven't bothered testing this out.

So, if your in a nat-ed environment at work, see if you can replicate your home router's behavior ;)

Your issue might not be exactly that, but remember, nmap from a nat-ed environment is pretty harsh on the device doing
the translations...

-- 
*****************
* Peter Wohlers *
*pedro () whack org*
*****************



"Mark I. Ross" wrote:
> Just FYI, I get crazy things happening with my Nokia ADSL router/modem as well.  If I run nmap and scan more than a 
> couple of addresses the modem just dies and requires a reboot.
>
> I have not been able to determine why this is occuring as yet, but it sucks...
>
> Cheers,
> mark  ;)
> rossman () xtra co nz
>
> On Mon, 14 Jan 2002 15:30:44 +0100 Niels Heinen <niels.heinen () ubizen com> wrote:
> > Hi all,
> >
> > In case you have not read this on bugtraq
> >
> > Niels
> >
> > -------- Original Message --------
> > Subject: Bug in alcatel speed touch home adsl modem
> > Date: Fri, 11 Jan 2002 18:52:04 +0100
> > From: "Hacknisty" <hacknisty () wanadoo fr>
> > To: <bugtraq () securityfocus com>
> >
> > Hi
> > I've found a bug in Alcatel Speed Touch Home ADSL modem
> >
> > I was playing with nmap when i've tried to scan my modem with is local
> > ip
> > address (default is 10.0.0.138 but i've changed it to 10.0.0.1)
> >
> > I've tested various scan and note that when you activate OS detection,
> > modem
> > reboot immediately
> >
> > Is anyone can confirm that ?
> > My firmware version is 8706
> >
> > I don't think we can do anything with that but i want to know what
> > really
> > happened on the modem. Is anyone can explain that to me
> >
> > Sorry for my poor english and sorry to if this was already post here
> >
> > Amically Hacknisty
> >
> > --------------------------------------------------
> > For help using this (nmap-hackers) mailing list, send a blank email to
> > nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
>
> --------------------------------------------------
> For help using this (nmap-hackers) mailing list, send a blank email to
> nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).