exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ISS Security Advisory -- WebRamp Denial of Service Attacks March 31, 1999

ISS Security Advisory -- WebRamp Denial of Service Attacks March 31, 1999
Posted Apr 2, 1999

Ramp Networks (http://www.rampnet.com/) WebRamp Internet access devices allow multiple computers to share a dialup connection. The WebRamp family of Internet access devices are designed for small businesses that require cost-effective, high-speed Internet access on every desktop.

SHA-256 | 33cab2feac5d1c3d199030d4f89a160a5d1e65264000bb10cff3f0bc30d3635e

ISS Security Advisory -- WebRamp Denial of Service Attacks March 31, 1999

Change Mirror Download

From xforce@iss.net Fri Apr 2 00:11:16 1999
From: X-Force <xforce@iss.net>
To: alert@iss.net
Cc: X-Force <xforce@iss.net>
Date: Wed, 31 Mar 1999 15:28:22 -0500 (EST)
Subject: ISSalert: ISS Security Advisory -- WebRamp Denial of Service Attacks

TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------


-----BEGIN PGP SIGNED MESSAGE-----

ISS Security Advisory -- WebRamp Denial of Service Attacks
March 31, 1999

Synopsis:

Ramp Networks (http://www.rampnet.com/) WebRamp Internet access devices
allow multiple computers to share a dialup connection. The WebRamp family
of Internet access devices are designed for small businesses that require
cost-effective, high-speed Internet access on every desktop.

WebRamp is vulnerable to two denial of service attacks that allow an
attacker to either crash the WebRamp device or change its IP address.
When the device crashes, it will have to be manually reset before
it will dial up. If an attacker changes the IP address of the WebRamp,
none of the machines on your network will be able to find it, so no
machines will be able to access the Internet via the WebRamp. The device
will still function as a network hub, so your intra-LAN connectivity will
not be disrupted.


Description:

WebRamp crash/denial of service attack: Sending a specially formatted string
of characters to the HTTP port of the WebRamp causes the device to hang,
requiring a manual reset.

WebRamp IP address change: Sending a specially-formatted UDP packet to port
5353 changes the WebRamp's local IP address, effectively 'hiding' the
device from the rest of your machines. The WebRamp is still connected to
the Internet and its PPP IP address is unchanged.

Recommendations:

If an attacker has crashed your WebRamp, then manually reset it by turning
it off and on again.

If an attacker has changed the IP address, use WRFINDER.EXE on the WebRamp
installation CD to change the address to a proper value.


Fix Information:

Go to http://www.rampnet.com/upgrades to get the latest firmware for your
model of WebRamp.


Additional Information:

Information in this advisory was obtained by the research of Jon Larimer
<jlarimer@iss.net> of the ISS X-Force. ISS X-Force would like to thank
Ramp Networks <http://www.rampnet.com> for their assistance with testing
on WebRamp devices and providing fix information.

________

Copyright (c) 1999 by Internet Security Systems, Inc.

Permission is hereby granted for the electronic redistribution of this
Security Advisory. It is not to be edited in any way without express
consent of the X-Force. If you wish to reprint the whole or any part of
this Security Advisory in any other medium excluding electronic medium,
please e-mail xforce@iss.net for permission.

Internet Security Systems, Inc. (ISS) is the leading provider of adaptive
network security monitoring, detection, and response software that
protects the security and integrity of enterprise information systems. By
dynamically detecting and responding to security vulnerabilities and
threats inherent in open systems, ISS's SAFEsuite family of products
provide protection across the enterprise, including the Internet,
extranets, and internal networks, from attacks, misuse, and security
policy violations. ISS has delivered its adaptive network security
solutions to organizations worldwide, including firms in the Global 2000,
nine of the ten largest U.S. commercial banks, and over 35 governmental
agencies. For more information, call ISS at 678-443-6000 or 800-776-2362
or visit the ISS Web site at http://www.iss.net.

Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.

X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html as
well as on MIT's PGP key server and PGP.com's key server.

X-Force Vulnerability and Threat Database: http://www.iss.net/xforce

Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBNwEjQTRfJiV99eG9AQHS2AQAilU+R2J0pU2DMi+0CBMjl1zwIPob990s
n4ECDLLimt66TLeZW3fBxstHOzWUJ1YRPm/Ahb0oeyDqx54Cv4LA3uZttq5mZ2+d
d84nPbznpzC6Q/9eqVX8tNF0cp2TNc2eIqkwV4I1ZZ68JMkepmglT73mPqpzWJL8
fIT8UGYykDs=
=4bwl
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close