[plug] [cert-advisory at cert.org: CERT Advisory CA-2001-08]

Jason Nicholls jason at mindsocket.com.au
Wed Apr 11 14:26:46 WST 2001


Hiya,

On Wed, Apr 11, 2001 at 02:05:52PM +0800, Matt Kemner wrote:
> > NOTE: I think this is the only way for the exploit to work, i.e. the local
> > interface connecting the ADSL modem is up (plus some other probs). So perhaps
> > bring down eth1 after and remove the IP settings when you're done.
> 
> I got the impression uploading the firmware was easier than that, and
> doesn't require any of the internal hosts to be set to certain IP
> addresses, it just requires one of them to have port 7/udp (echo) open and
> functioning, so they can bounce packets off it.

I may be wrong here ;)

As I understand it an IP layer does not need to be present on the ETH1 / ADSL
network (I say network, but it's just 2 connected interfaces).  Example:

(computer) ETH1 <-> ADSL (modem)

(computer) ETH0 <- rest_of_lan

The pppoe software creates a ppp interface and physical carrier is the 
ETH1 <-> ADSL network. BTW, the config for ETH1 doesn't have any IP info in
there, if I bring it up on its own I get lots of errors and it doesn't come
up. Don't ask me how pppoe does it, but it does.

In order to access the functionality discussed in the CERT advisory I have to
set up an IP layer for the ETH1 <-> ADSL network. This is separate to the ADSL
pppoe link, in fact I can have it up or down and it doesn't matter.

So in order to do this exploit wouldn't you have to bounce the UDP packets off
ETH1 to the ADSL modem over that IP layer? If that layer is not up then how
would you do it?

Hmm, I hope that made sense.


Later,

Jason Nicholls
--------------------------------------------------------------------
Jason Nicholls    icq: 11745841    email: <jason at mindsocket.com.au>
Proprietor                        mobile: 0417 410 811
Mind Socket [web services]          http://www.mindsocket.com.au/
--------------------------------------------------------------------


