Vulnerability Development mailing list archives

Re: Nokia 7110 Wap Browser Hole


From: doc () REDBRICK DCU IE (Dave O Connor)
Date: Fri, 21 Jul 2000 09:03:00 +0100


Someone called Vitaly Osipov said on Thu, Jul 20, 2000 at 11:34:36AM +0200:
> Hi,
>
> I am not a specialist in WAP and underlying protocols, but AFAIK there is
> _no_ IP in this stack and phones _do not_ have IP addresses - their
> connectivity to WAP servers is done via WAP gateways (which have IP because
> they have to connect to WAP servers, of course). Those gateways act as
> network-layer gateways, converting some GSM bearer protocols into TCP/IP.
> Phones themselves have only a so-called MSISDN (Mobile Subscriber ISDN).
>
> So I am very curious about what address you scanned to get the phone hung - it
> really is very interesting.

WAP phones come through an access server and talk to RADIUS, in the exact same
way that client machines do on a normal ISP dialup. They're allocated an IP
address by RADIUS, and this is what you portscan (the RADIUS accounting logs
should tell you what IP last connected, so just try that). The phones then
talk only to the WAP gateway, in UDP, and the WAP gateway makes requests to
web servers on their behalf. I've not been able to crash a Nokia by
portscanning it, although I'd be interested to see what sort of holes/DoS
stuff has been found for it. Placing the phones on unroutable IPs behind a
masquerading firewall should prevent people exploiting this hole, if it
exists.

        - DoC
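
An audit of the mitigation described in the message above, as an added example that is not part of the original post: it reads RADIUS accounting records and lists the sessions where a handset was handed an address outside RFC 1918 space. The FreeRADIUS-style detail layout, the sample records (198.51.100.23 stands in for a public address) and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: the "unroutable IPs" a masquerading firewall would sit in front of.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, assumed layout: timestamp line, indented attributes, blank line between records.
SAMPLE_DETAIL = """\
Fri Jul 21 08:55:10 2000
\tAcct-Status-Type = Start
\tCalling-Station-Id = "0000000001"
\tFramed-IP-Address = 10.20.0.14

Fri Jul 21 08:57:42 2000
\tAcct-Status-Type = Start
\tCalling-Station-Id = "0000000002"
\tFramed-IP-Address = 198.51.100.23

Fri Jul 21 09:01:05 2000
\tAcct-Status-Type = Stop
\tCalling-Station-Id = "0000000002"
\tFramed-IP-Address = 198.51.100.23
"""

# Matches an indented 'Attribute = value' line; timestamp lines are not indented and are skipped.
ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*"?([^"\n]*?)"?\s*$')

def parse_detail(text):
    """Yield one dict of attributes per accounting record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = dict(m.groups() for m in map(ATTR.match, block.splitlines()) if m)
        if rec:
            yield rec

def routable_sessions(text):
    """Return (caller, ip) for Start records whose address is outside RFC 1918."""
    hits = []
    for rec in parse_detail(text):
        if rec.get("Acct-Status-Type") != "Start" or "Framed-IP-Address" not in rec:
            continue
        try:
            ip = ipaddress.ip_address(rec["Framed-IP-Address"])
        except ValueError:
            continue  # malformed address in the log: skip the record
        if not any(ip in net for net in RFC1918):
            hits.append((rec.get("Calling-Station-Id"), str(ip)))
    return hits

if __name__ == "__main__":
    print(routable_sessions(SAMPLE_DETAIL))
```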

