exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Apr 2, 1999


SHA-256 | 33cab2feac5d1c3d199030d4f89a160a5d1e65264000bb10cff3f0bc30d3635e


Change Mirror Download

From xforce@iss.net Fri Apr 2 00:11:16 1999
From: X-Force <xforce@iss.net>
To: alert@iss.net
Cc: X-Force <xforce@iss.net>
Date: Wed, 31 Mar 1999 15:28:22 -0500 (EST)
Subject: ISSalert: ISS Security Advisory -- WebRamp Denial of Service Attacks

TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!


ISS Security Advisory -- WebRamp Denial of Service Attacks
March 31, 1999


Ramp Networks (http://www.rampnet.com/) WebRamp Internet access devices
allow multiple computers to share a dialup connection. The WebRamp family
of Internet access devices are designed for small businesses that require
cost-effective, high-speed Internet access on every desktop.

WebRamp is vulnerable to two denial of service attacks that allow an
attacker to either crash the WebRamp device or change its IP address.
When the device crashes, it will have to be manually reset before
it will dial up. If an attacker changes the IP address of the WebRamp,
none of the machines on your network will be able to find it, so no
machines will be able to access the Internet via the WebRamp. The device
will still function as a network hub, so your intra-LAN connectivity will
not be disrupted.


WebRamp crash/denial of service attack: Sending a specially formatted string
of characters to the HTTP port of the WebRamp causes the device to hang,
requiring a manual reset.

WebRamp IP address change: Sending a specially-formatted UDP packet to port
5353 changes the WebRamp's local IP address, effectively 'hiding' the
device from the rest of your machines. The WebRamp is still connected to
the Internet and its PPP IP address is unchanged.


If an attacker has crashed your WebRamp, then manually reset it by turning
it off and on again.

If an attacker has changed the IP address, use WRFINDER.EXE on the WebRamp
installation CD to change the address to a proper value.

Fix Information:

Go to http://www.rampnet.com/upgrades to get the latest firmware for your
model of WebRamp.

Additional Information:

Information in this advisory was obtained by the research of Jon Larimer
<jlarimer@iss.net> of the ISS X-Force. ISS X-Force would like to thank
Ramp Networks <http://www.rampnet.com> for their assistance with testing
on WebRamp devices and providing fix information.


Copyright (c) 1999 by Internet Security Systems, Inc.

Permission is hereby granted for the electronic redistribution of this
Security Advisory. It is not to be edited in any way without express
consent of the X-Force. If you wish to reprint the whole or any part of
this Security Advisory in any other medium excluding electronic medium,
please e-mail xforce@iss.net for permission.

Internet Security Systems, Inc. (ISS) is the leading provider of adaptive
network security monitoring, detection, and response software that
protects the security and integrity of enterprise information systems. By
dynamically detecting and responding to security vulnerabilities and
threats inherent in open systems, ISS's SAFEsuite family of products
provide protection across the enterprise, including the Internet,
extranets, and internal networks, from attacks, misuse, and security
policy violations. ISS has delivered its adaptive network security
solutions to organizations worldwide, including firms in the Global 2000,
nine of the ten largest U.S. commercial banks, and over 35 governmental
agencies. For more information, call ISS at 678-443-6000 or 800-776-2362
or visit the ISS Web site at http://www.iss.net.

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.

X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html as
well as on MIT's PGP key server and PGP.com's key server.

X-Force Vulnerability and Threat Database: http://www.iss.net/xforce

Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.

Version: 2.6.3a
Charset: noconv

Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    17 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By