Bugtraq mailing list archives

Re: your mail
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Tue, 22 Dec 1998 13:16:47 +0000


It should be pointed out here that ICMP redirects are not the only
kinds of attacks which can be carried out against these devices.

Our wonderful denial of service friends land, nestea, nestea2, et al,
can wreak havoc on these devices as well.

Your best bet as a user of these devices is to impose very restrictive
filters, or ensure that these systems are not vulnerable to all
of the attacks against IP stacks that have been discovered.

A very large number of these embedded devices run the same two or three
tcp stacks. Several of them hang when fed a zero length IP option (old
KA9Q based). The other thing is nestea/nestea2 can be a pain. The tools
may deliver them UDP but they can equally be delivered tcp at port 80,
or the lpd port or other similar. This makes it quite hard to firewall.

Finally some impromptu testing with third parties indicates that the
'all embedded boxes have crashable tcp' theory extends to most of the
beta/just being rolled out set top box internet devices from cable
companies.

Alan
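
Added example, not part of the original post and not code from any of the stacks discussed: a defensive walk over IPv4 header options that rejects the zero-length option mentioned above before it can stall a parser. It assumes the hang comes from a loop that advances by the option's length byte; the function name, result codes and sample headers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes and names below are this example's own, not from any stack. */
enum { OPT_OK = 0, OPT_BAD_HEADER = -1, OPT_BAD_LENGTH = -2, OPT_TRUNCATED = -3 };
#define OPT_EOL 0 /* End of Option List: single byte, no length field */
#define OPT_NOP 1 /* No Operation: single byte, no length field */

/* Constructed 24-byte headers (IHL = 6, checksum left zero and not checked). */
static const uint8_t sample_ok[24] = {       /* Router Alert, length 4 */
    0x46, 0, 0, 24, 0, 0, 0, 0, 64, 6, 0, 0,
    192, 0, 2, 1, 192, 0, 2, 2, 0x94, 4, 0, 0 };
static const uint8_t sample_zero_len[24] = { /* option with length byte 0 */
    0x46, 0, 0, 24, 0, 0, 0, 0, 64, 6, 0, 0,
    192, 0, 2, 1, 192, 0, 2, 2, 0x44, 0, 0, 0 };

/* Validate every option length before advancing; pkt starts at the IP header. */
int check_ipv4_options(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return OPT_BAD_HEADER;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4; /* IHL counts 32-bit words */
    if (hlen < 20 || hlen > len)
        return OPT_BAD_HEADER;

    for (size_t i = 20; i < hlen; ) {
        uint8_t type = pkt[i];
        if (type == OPT_EOL)
            break;
        if (type == OPT_NOP) { i++; continue; }
        if (hlen - i < 2)
            return OPT_TRUNCATED;      /* no room for the length byte */
        uint8_t olen = pkt[i + 1];
        if (olen < 2)
            return OPT_BAD_LENGTH;     /* 0 would never advance i (the assumed hang) */
        if (olen > hlen - i)
            return OPT_TRUNCATED;      /* option runs past the header */
        i += olen;
    }
    return OPT_OK;
}

int main(void)
{
    printf("valid options:      %d\n", check_ipv4_options(sample_ok, sizeof sample_ok));
    printf("zero-length option: %d\n", check_ipv4_options(sample_zero_len, sizeof sample_zero_len));
    return 0;
}
```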


