Vulnerability Development mailing list archives
Re: vxWorks WND checker?
From: KF <dotslash () snosoft com>
Date: Tue, 07 May 2002 04:45:48 -0400
This wouldn't happen to be an Airport would it? The new apple airport "snow" runs vxWorks... I was trying to get at the OS recently... let me know about what you find. There is a little PowerPC box hiding inside I want to play with.
Bennett Todd wrote:
Doing some routine auditing of a wireless net, I found that some of the access points were listening on UDP port 17185. Turns out that makes sense, that's the wndrpc port, for WindRiver Network Debugging --- it uses a private ONCRPC protocol (according to docs turned up through google, on RPC program number 55555555 version 1) to support remote debugging. This is a scary thing to find left enabled in a shipped product. Does anybody have any idea how someone who doesn't own a copy of vxWorks could test to find out for sure whether this port is really active, or whether the IP stack is just failing to return an error for packets thrown at it despite having WND disabled? NB: I don't need an exploit, or even a dos; a simple ping would be fine. Or even enough details about the protocol to craft one. Seems I can't find any of the fine details for the over-the-wire protocol, and the rpc header files are part of the vxWorks product, not publicly available. -Bennett
Current thread:
- vxWorks WND checker? Bennett Todd (May 07)
- Re: vxWorks WND checker? KF (May 07)
- Re: vxWorks WND checker? KF (May 07)
- Re: vxWorks WND checker? Iván Arce (May 07)