Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

SV: Zyxel / Netgear and probably other routers leaking information.

From: "Jens Kalvik" <Jens.Kalvik () conect se>
Date: Tue, 1 Feb 2005 08:56:15 +0100
Hi!

I was a bit quick on this, it seems as Zyxels routers latest firmware solves the problem. We made an upgrade from an 
older firmware to the latest, but forgot to empty the arp cache on the computer, so it looked as the problem was still 
there. But the problem with Netgear RT311 and RT314 is still there, and they even respond when I ping the LAN side from 
the WAN side. The firmware used on the Netgear routers are  V3.26(CA.0), this firmware was mailed to me by Netgear, but 
does not solve the problem. To make it easier for you to understand what I mean you can also see it like this: 

1. Configure a computer to be able to surf the Internet using the router as protection.
2. Move the computer from LAN side to WAN side of the router without changing IP configuration.

When you ping the LAN side from the WAN side there will still be an answer, so the router is leaking.

-----Ursprungligt meddelande-----
Från: Viktor E Larionov [mailto:viktor () esknet ee] 
Skickat: den 31 januari 2005 22:10
Till: Jens Kalvik
Kopia: bugtraq () securityfocus com
Ämne: Re: Zyxel / Netgear and probably other routers leaking information.


Hey Jens,
In general Zyxel is not as it used to be. We had a lot of problems with their wlan equipment, not working as it should.


the result must be that if I send a packet with the same destination 
IP as the routers LAN IP, I will get an ARP reply from the WAN side. 
This can be used to get information about which IP adresses are used 
on the LAN side when you are sitting on the WAN side. It

- Hmmmm sounds quite strange, if you know the lan ip of the router why do you need to know the structure of ips used 
inside ? They are as well in the same subnet as the routers lan adress.
- Concerning that other issue on pinging from WAN - well i belive that it shouldn't work at all - just because you use 
different subnets on the client machine and a routers WAN interface, the routers key problem is that as i understand it 
doesn't make a difference from which port is the packet coming, as far as he has a valid source-ip that is allocated on 
whatever subnet which is connected to whatever port on the router, then the router will answer him from the ip on the 
same subnet as the client machine. Well i really belive it's a peculiar behaviour not more than that.


---
"To beer, or not to beer ?" /*ShakesBeer*/

WBR,
Mr. Victor E Larionov
system administrator

Esknet Ltd.
Gonsiori 33, 10147, Tallinn

Tel:    +372 6010248
Fax:    +372 6050293
GSM:    +372 53496972
E-mail: viktor () esknet ee
Previous By Date Next
Previous By Thread Next

Current thread: