Re: Over 135 million modems vulnerable to denial-of-service flaw

From Fritz Wuehler <fritz@spamexpire-201604.rodent.frell.theremailer.net>
References <c8854324eae8e8977009ee17a2d1c7c1@anemone.mooo.com> <cd11d3ae4a959cae97ed5066f8ce47f8@remailer.privacy.at> <slrnngnbq4.o3m.BitTwister@wb.home.test>
Subject Re: Over 135 million modems vulnerable to denial-of-service flaw
Message-ID <38201268c5022c3a1a029ed3af5d0279@msgid.frell.theremailer.net> (permalink)
Date 2016-04-13 17:27 +0000
Newsgroups alt.privacy.anon-server, alt.cable-tv, comp.dcom.modems.cable
Organization dizum.com - The Internet Problem Provider

Cross-posted to 3 groups.



In article <slrnngnbq4.o3m.BitTwister@wb.home.test>
Bit Twister <BitTwister@mouse-potato.com> wrote:
>
> On Mon, 11 Apr 2016 12:10:23 +0200 (CEST), Anonymous Remailer (austria) wrote:
> >
> > In article <c8854324eae8e8977009ee17a2d1c7c1@anemone.mooo.com>
> > Jeremy Bentham <nobody@anemone.mooo.com> wrote:
> >>
> >> http://www.zdnet.com/article/millions-of-routers-vulnerable-to-unpatched-reboot-flaw/
> >
> > That zdnet article is erroneous and inaccurate.
>
> > Resetting those cable modems does nothing but cause them to
> > reboot and reload a config file.
>
> But if that config file contents were reset to factory defaults it
> might not connect to the ISP provider.

A user can reset the modem and erase every setting in it a 
thousand times a day, matters naught.  It will resume correct 
operation every single time when it gets an IP address assigned 
to it and the bootp config file is delivered.  A user cannot 
reset the contents of the modem bootp config file provided by 
the provider DHCP server.  Every type of modem has a specific 
bootp config file.

>
> > BUT, an attacker has to be ON a PRIVATE RFC 1918 network,
> > inaccessible from the Internet in ALL cases.
>
> But you do not understand the exploit. As far as the modem is
> concerned it saw the reset from the user on the LAN.

What exploit?  It's not an "exploit".  It was intentionally 
designed that way.

> > They would also have to connect to each modem in order to
> > accomplish said feat.
>
> They don't have to. The user gets it when looking at an infected web page.

Yeah...?  And you're going to get all the existing SB6141 modem 
owners to access that webpage how?

> As the article indicated it is a LAN side exploit.

Therefore impossible to execute directly from the WAN side.

> > It would take a very long time to scan
> > the entire address space and find any modems in it.
>
> Just how many users do you think get into their modem and change the
> LAN gateway address.

None, because they can't change it.

> The address and web page is hard coded for that modem. See
> http://192.168.100.1/cmConfigData.htm?BUTTON_INPUT1=Reset+All+Defaults

Irrelevant since the modem is bridging a public address and 
gateway to whatever is connected on the other side of it in the 
LAN anyway.
