[plug] [cert-advisory at cert.org: CERT Advisory CA-2001-08]

Matt Kemner zombie at wasp.net.au
Wed Apr 11 14:05:52 WST 2001


On Wed, 11 Apr 2001, Jason Nicholls wrote:

> NOTE: I think this is the only way for the exploit to work, ie the local
> interface connecting the ADSL modem is up (plus some other probs). So perhaps
> bring down eth1 after and remove the IP settings when you're done.

I got the impression uploading the firmware was easier than that, and
doesn't require any of the internal hosts to be set to certain IP
addresses, it just requires one of them to have port 7/udp (echo) open and
functioning, so they can bounce packets off it.

 - Matt




More information about the plug mailing list