Vulnerability Development mailing list archives
Linksys DSL routers and fragments
From: "C. Regis Wilson" <t_pascal () PC4 ZENNET COM>
Date: Thu, 30 Nov 2000 11:37:36 -0800
Hi, read a posting from August about the Linksys DSL routers and their (seeming) security strength. I wonder if anyone has tried exploiting the DMZ option; that is, expose a host to the WAN side and see what vulnerabilities exist. My initial testing shows that the DMZ option does not work in the way you think it should, and that there can be some weird behaviour. I did notice that all fragments, period, seem to be dropped. I wonder if Linksys will fix that... One interesting thing I found is that the DMZ option does allow exotic protcols but only if you use the external IP of the router as your internal address!! Picture this: external IP=10.0.0.1 internal IP=10.0.0.2 client IP=10.0.0.1. You'd think the packets would get confused (no known router would allow this setup), but it works. And when you set the DMZ host to 10.0.0.1, you can pass IPSec, protocol 57, GRE, etc. etc. Anyone notice that?
Current thread:
- Linksys DSL routers and fragments C. Regis Wilson (Dec 01)
- <Possible follow-ups>
- Re: Linksys DSL routers and fragments C. Regis Wilson (Dec 01)