Home page logo

bugtraq logo Bugtraq mailing list archives

From: Knud Erik Højgaard <knud () cybercity dk>
Date: Mon, 11 Mar 2002 12:21:56 +0100

[vendor status]
About half a year ago I found a 'funny' DoS condition in the ZyWALL10. ZyXEL was informed, and they at least confirmed 
the bug, but i believe that's all i heard. According to www.zyxel.com a new firmware for the ZyWALL10 was released 
2002/01/10 - i wrote an email to a ZyXEL employee, and the bug is fixed in this version.

The DoS is simple, using nemesis-arp (from The NEMESIS Project) or a similar tool (like arp-fun) it's possible to make 
the firewall drop its LAN connection. 

If you send an arp packet containing some bogus/random MAC address  and the firewalls ip to the firewalls lan interface 
the firewall will 'down' the lan interface and never 'up' it again. The firewall needs a powercycle to restore 
function, but thats not all. The firewall never 'reopens' the lan interface, so you need to connect via a console 
cable, go to the lan setup menu, and press enter a few times to 'confirm' the settings to get it back in working order. 
Sort of a pain in the rear if the firewall is behind a locked door.. 

nemesis-arp -S -D -h de:ad:ba:be:f0:0d -d ed1 

(in this case the firewall's IP is and the ethernet adapter is ed1)

Manzon, Merkinball, SiGNOUT, evilpoo, ewadoh, |ole|, zaarnik, ZyXEL.

From me, Knud Erik Højgaard.

  By Date           By Thread  

Current thread:
  • ZyXEL ZyWALL10 DoS Knud Erik Højgaard (Mar 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]