Zyxel remote DoS
20th Dec 2001 [SBWID-4942]

	Zyxel Prestige 681 and 1600 (possibly others)


	Przemyslaw Frasunek reported the following vulnerabilities in Zyxel
	SDSL routers.

	 First vulnerability


	The P681/1600 SDSL module restarts when it receives IP packets with
	ip_len < real packet size. Resynchronizing SDSL takes about 2-3 minutes.

	How to repeat:

	# iptest -d fxp0 -1 -p 6 -g x.x.x.x y.y.y.y



	 Second vulnerability


	The P681 (not tested on P1600) crashes when it receives a fragmented
	packet that is longer than 64k after reassembly. This is an old attack
	known as the ping of death.

	How to repeat:


	# iptest -d fxp0 -1 -p 8 -g x.x.x.x y.y.y.y






	Both crashes can be triggered only when the IP packet is addressed to the
	Zyxel router itself and arrives on the SDSL WAN interface. The device
	won't crash if it works in bridging mode or if the packet is only
	forwarded, not processed.




	Put the device in bridging mode or filter ALL incoming traffic. Packet
	filters in ZyNOS *WILL NOT* prevent the attack; traffic must be
	blocked before it reaches the P681/P1600 device.
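
	The two header conditions described above, written as a check that a
	filter placed in front of the router could apply. This is an added
	example, not code from the advisory or from Zyxel; the function names,
	the sample packets and the Ethernet padding allowance are assumptions.

```python
import struct

MAX_DATAGRAM = 65535       # largest size the 16-bit ip_len field can describe
ETH_MIN_PAYLOAD = 46       # assumption: filter sits on Ethernet, which pads short frames


def sample_packet(ip_len, payload_len, frag_units=0, more_frags=False):
    """Constructed test data: 20-byte IPv4 header (checksum left 0) plus zero payload."""
    flags_frag = (0x2000 if more_frags else 0) | (frag_units & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0x1234, flags_frag,
                         64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + bytes(payload_len)


def drop_reasons(packet, min_link_payload=ETH_MIN_PAYLOAD):
    """Return why a filter in front of the router should drop this IPv4 packet."""
    if len(packet) < 20:
        return ["truncated header"]
    ver_ihl, _tos, ip_len, _ident, flags_frag = struct.unpack("!BBHHH", packet[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(packet) or ip_len < ihl:
        return ["malformed header"]
    reasons = []
    # First issue on the page: ip_len smaller than the bytes actually received.
    # Trailing bytes are tolerated only when they can be link-layer padding.
    if ip_len < len(packet) and len(packet) > min_link_payload:
        reasons.append("ip_len < real packet size")
    # Second issue: a fragment whose data would end past 64k after reassembly.
    frag_offset = (flags_frag & 0x1FFF) * 8      # offset field counts 8-byte units
    if frag_offset + ip_len > MAX_DATAGRAM:      # ihl + offset + (ip_len - ihl)
        reasons.append("reassembles to more than 64k")
    return reasons
```

	The second check works per fragment, so the filter needs no reassembly
	state to reject an oversized datagram.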

