Bugtraq mailing list archives

TCP flood against NetGear FM114P


From: Marc Ruef <marc.ruef () computec ch>
Date: Thu, 10 Oct 2002 20:03:22 +0200

Hi!

I've got a lot of availability trouble with my NetGear FM114P. After
asking support and getting no good answer, I started doing some tests
myself. It seems possible to crash the NetGear FM114P with many TCP
connects. I did some tests on my FM114P firmware Version 1.3 Release 05
and these are the needed connection attempts:

4349
15641
125802
22185
44395
62564
9865
22102
108132
42314

It is interesting that there is no exact value for the success. All of
them are between the large scale of 4349 and 125802. It's possible to do
this attack by brute forcing the htaccess password of the web interface
(e.g. with WWWhack). But such an attack is recorded in the log files as
follows:

--- fwlog begin ---

[...]
Sun, 2002-10-06 21:23:40 - Administrator login fail, Password error - IP:192.168.0.2
Sun, 2002-10-06 21:23:41 - Administrator login fail, Password error - IP:192.168.0.2
Sun, 2002-10-06 21:23:41 - Administrator login fail, Password error - IP:192.168.0.2
[...]

--- fwlog end ---

After this, the whole firewall freezes:

- You can't ping the box
- You can't connect to the web interface
- There is no throughput possible
- The firewall doesn't mail the scheduled log files

You need to reboot the tiny box to get a running system.

I've tried the same game with ping flooding, but there was no success.

I hope this bug will be fixed in an upcoming firmware release.

Bye, Marc

-- 
Computer, Technik und Security
http://www.computec.ch
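
Added example, not part of the original post: a small detector for the
"Administrator login fail" entries quoted above, flagging source IPs whose
failures cluster in a short window, as a brute-force run against the web
interface would produce. The sample log is constructed, and the threshold
(3 failures) and window (10 seconds) are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the fwlog format quoted in the post; the wrapped
# "IP:" continuation lines mimic how the entries appear in the e-mail.
SAMPLE_LOG = """\
Sun, 2002-10-06 21:23:40 - Administrator login fail, Password error -
IP:192.168.0.2
Sun, 2002-10-06 21:23:41 - Administrator login fail, Password error -
IP:192.168.0.2
Sun, 2002-10-06 21:23:41 - Administrator login fail, Password error - IP:192.168.0.2
Sun, 2002-10-06 21:40:00 - Administrator login fail, Password error - IP:192.168.0.7
"""

ENTRY = re.compile(r"^\w{3}, (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) - Administrator "
                   r"login fail, Password error - IP:(\d{1,3}(?:\.\d{1,3}){3})$")

def parse_failures(text):
    """Return (timestamp, ip) pairs, rejoining entries wrapped before 'IP:'."""
    joined = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("IP:") and joined and joined[-1].endswith("-"):
            joined[-1] += " " + line          # continuation of a wrapped entry
        elif line:
            joined.append(line)
    matches = (ENTRY.match(line) for line in joined)
    return [(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2))
            for m in matches if m]

def burst_sources(failures, threshold=3, window=timedelta(seconds=10)):
    """Return {ip: peak failures inside any window} for IPs reaching threshold."""
    by_ip = defaultdict(list)
    for ts, ip in failures:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged
```

Because the box stops mailing its scheduled logs once it freezes, a check
like this is only useful if the log is collected before that point.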

