Vulnerability Development mailing list archives

Re: Nokia 7110 Wap Browser Hole

From: tink () TINK ORG (Tink)
Date: Wed, 21 Jun 2000 07:57:31 +0200


At 00:15 21-7-00 +0200, Roelof Temmingh wrote:

On Thu, 20 Jul 2000, Vitaly Osipov wrote:

+So i am very curious on what address you scanned to get the phone hung - it
+really is very interesting.

I (also?) made the mistake of scanning the WAP gateway (see my post
on Nokia WAP GW), but I figured my cellphone is not running NetBIOS :))), and
realised that I was scanning the GW.

Then, I configured the WAP GW on my phone (Siemens S35) to an address that
points to a server within my network, and did a tcpdump to see what IP number
is sending requests to "my WAP GW". (UDP port 9201/2).

This IP number corresponds with my cellphone. I pinged it, and it seems as
though the pings times out when I drop the line. Not sure if this is
really the
phone...is it?


Yes, it is. The Nokia has a TCP stack, and answers pings. As I said, we
portscanned it,
and found bootp (UDP) open.... We did not scan the WAP GW. We used nmap
2.53beta with -O option. (nmap did not recognise the OS).

--Ralph

Current thread:

Re: Nokia 7110 Wap Browser Hole Tink (Jun 20)
- <Possible follow-ups>
- Re: Nokia 7110 Wap Browser Hole Kristjan Kristinsson (Jul 17)
  - volcheck and sol 8 Matthew Potter (Jul 18)
  - Re: Nokia 7110 Wap Browser Hole Ralph Moonen (Jul 18)
  - Re: Nokia 7110 Wap Browser Hole Bluefish (Jul 18)
    - Re: Nokia 7110 Wap Browser Hole Juan M. Courcoul (Jul 20)
    - Re: Nokia 7110 Wap Browser Hole Tin Le (Jul 20)
    - Re: Nokia 7110 Wap Browser Hole Bojan Zdrnja (Jul 21)
  - Re: Nokia 7110 Wap Browser Hole Vitaly Osipov (Jul 20)
    - Re: Nokia 7110 Wap Browser Hole Roelof Temmingh (Jul 20)
    - Re: Nokia 7110 Wap Browser Hole Vitaly Osipov (Jul 21)

(Thread continues...)