mailing list archives
ZyXEL ZyWALL10 DoS
From: Knud Erik Højgaard <knud () cybercity dk>
Date: Mon, 11 Mar 2002 12:21:56 +0100
About half a year ago I found a 'funny' DoS condition in the ZyWALL10. ZyXEL was informed, and they at least confirmed
the bug, but i believe that's all i heard. According to www.zyxel.com a new firmware for the ZyWALL10 was released
2002/01/10 - i wrote an email to a ZyXEL employee, and the bug is fixed in this version.
The DoS is simple, using nemesis-arp (from The NEMESIS Project) or a similar tool (like arp-fun) it's possible to make
the firewall drop its LAN connection.
If you send an arp packet containing some bogus/random MAC address and the firewalls ip to the firewalls lan interface
the firewall will 'down' the lan interface and never 'up' it again. The firewall needs a powercycle to restore
function, but thats not all. The firewall never 'reopens' the lan interface, so you need to connect via a console
cable, go to the lan setup menu, and press enter a few times to 'confirm' the settings to get it back in working order.
Sort of a pain in the rear if the firewall is behind a locked door..
nemesis-arp -S 10.0.0.1 -D 10.0.0.1 -h de:ad:ba:be:f0:0d -d ed1
(in this case the firewall's IP is 10.0.0.1 and the ethernet adapter is ed1)
Manzon, Merkinball, SiGNOUT, evilpoo, ewadoh, |ole|, zaarnik, ZyXEL.
From me, Knud Erik Højgaard.
- ZyXEL ZyWALL10 DoS Knud Erik Højgaard (Mar 12)