Bugtraq mailing list archives

Re: DoS in Flowpoint 2000 DSL routers

From: tom () HOOKED NET (Tom)
Date: Tue, 11 Aug 1998 22:09:43 -0700


On Tue, 11 Aug 1998 20:35:20 PDT, Jason Ackley writes:

Hello,

Quick Overview:

There exists a DoS in Flowpoint's (A)DSL 2000 router ('fp2k')
running software rev 1.2.3 (anyone have other revs to test?)

Lil Backgrounder:

Flowpoint builds the routers and distributes them through various OEMs and
VARs, one that I know of is Diamond Lane Commuications, so if you have a
DSL router its best to take a peak at it real quick(tm). Basically its not
much bigger than a modem, has six blinky lights on the front.


Vendor Status:

I informed Flowpoint of this problem on Fri May 29, Flowpoint responded on
Mon Jun 1 with a fix and an apology for not responding to me sooner! Quick
Service!

My biggest gripe with fp2000 was the unrestricted "read only" access to
telnet and snmp ports.

FP has been very responsive to customer feedback and v1.4.3  supports access
lists. There was also a nasty memory leak in earlier versions that would cause
the router to die for no apparant reason, they granted access to a beta
version that fixed it some time ago.

Looks like 1.43 will only take X chars.

Escape character is '^]'.

FlowPoint/2000 ADSL Router v1.4.3 Ready

login 
dfljsdlfjsdkfjsdlkffffffffffffsdlkfjlksdfjlwrejfopiwjflksfdslkfjsdlkfjsdlkfjdslkfjdslkfjdslfjsdlkfjsdlkfjdslfjdslkflkfslkfjsdlkfsdlkfsdlkfdslkfsdlkjfsdlkfjsdlkfslkfsdlkfsdlkfsdlkfsdlkfsdlkfsdlkfjsdlkfjsdlkfjsdlkfsdlkfsdlkfsdlkfsdlkfsdlkfsdlkfsdlkfsdlkfsdlkfsdlkjfsdlkfjsdlkjfdsjflksdflksdfsldkfsldkfsdlkfjsdlkfdslkfdslkfjsdlkfjsdlkjfsdljforewirjweruweurpweurpwewefwlkfjwelfhjewpirewpfpweofpwekfpwekfpwejfpwjfowefjwefwejfipwejfwejpfwjepfwejpfwejfpwejfpwejfpwejfpwefpweofpwefpowejfwpeijfwpejfpwejfwepfjwepfjwepfjwepfjwepfjwepfjewpfjwepfjwepfwejpfjewpfwejpfwejfpwejfpwefjwpejfwepfjwepfjwepfwjepfjwepfwejpfwjepfwejfpwejfpwefjwpefjwepfjwepfjwepfewjpfwejpfwejfpwefjpewjfwepfjwpefjwpefjpwfjwepfjwepfjwepfjwepjfwepfjwepfjwepfjwepfjwepfjwepfwjefpwejfpewjfpwejfpwejfpwejfpwejfpwejfwepfwepjfwpejfpwejfwpejfewpjfpwefpwejfpewjfpwejfpwejfpwejfpwefjweksdlkjfpwepweiwoip;dsfjg;jpogjrepojreipewrut083475034503459534907340957-043-68458607034750j4rejtlkrejtlkerwjrepitjre0u43-0u-0jrptjepo34ujt0934t4jpj!

34pjtrepoitj4309ru0wtj43pjew0irjt
Wrong password!   Try logging in again.






--

Tom Jansen - Sysadmin
GST - Whole Earth Networks
mknod /dev/spam c 2 2 ; chmod 666 /dev/spam ; echo " >/dev/spam" > ~/.forward

Current thread:

Re: Eudora executes (Java) URL John D. Hardin (Aug 10)
- <Possible follow-ups>
- Re: Eudora executes (Java) URL Dominique Unruh (Aug 11)
- Re: Eudora executes (Java) URL Vitiello, Eric (Aug 11)
  - Re: Eudora executes (Java) URL James Wetterau (Aug 11)
  - Re: Eudora executes (Java) URL Alec Kosky (Aug 11)
    - Re: Eudora executes (Java) URL John D. Hardin (Aug 11)
    - Cisco IOS software security notice security-alert () cisco com (Aug 12)
    - Re: Eudora executes (Java) URL High Tide (Aug 12)
  - Re: RotoRouter 1.0 - Traceroute log & fake Julian Assange (Aug 11)
  - DoS in Flowpoint 2000 DSL routers Jason Ackley (Aug 11)
    - Re: DoS in Flowpoint 2000 DSL routers Tom (Aug 11)
    - Re: DoS in Flowpoint 2000 DSL routers Jason Ackley (Aug 12)
    - Linux 2.1.115 oops (demo and fix) Duncan Simpson (Aug 13)
    - Re: Linux 2.1.115 oops (demo and fix) Chris Wedgwood (Aug 13)
    - [rootshell] Security Bulletin #22 DeadSock (Aug 14)
    - Linux 2.1.115 devpts bug improved fix Duncan Simpson (Aug 13)