dlinkDoS.txt

`  
Nessus wrote a nice little plugin for it  
http://www.securityindex.net/dlink_router_overflow.nasl  
--  
My home network uses a small 4 port broadband Dlink router (704p) The firmware was updated one week ago  
to version 2.70 from the www.D-link.com website  
  
The following malformed URL's cause odd behavior in the router. Pointing your browser (like most routers) to the gateways internal IP address you get a web interface for administering your router.   
  
http://192.168.0.1/syslog.htm?D=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  
  
This URL caused the router to do a DNS query on:  
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA@xxxx.xx.comcast.net  
  
"@xxxx.xx.comcast.net" is the trailing end of my hostname (i replaced the real trailing host name with x's as to not give up my hometown and state! heh)  
  
  
Subsequently there was a DNS response "no such name"  
Enough of these malformed URLS causes the DNS server to DoS the router for a short time because a DNS response packet is much larger then a DNS query packet.  
This URL also caused an error in the routers log file page, the URL  
made the page look odd. This router uses CSS to display its tabs and log file (syslog.htm). Some of the HTML was visible within the CSS that were now repeating across the page. I took a screen shot and uploaded it to my webspace. Copy and paste the link below to see.  
  
http://www.securityindex.net/router.JPG  
  
<------------------------------------------- ------------------------------------------->  
<------------------------------------------- ------------------------------------------->  
<------------------------------------------- ------------------------------------------->  
<------------------------------------------- ------------------------------------------->  
<-------------------------------------------next------------------------------------------->  
  
  
This URL also cuases problems:  
  
http://192.168.0.1/syslog.htm?D=................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................  
  
This malformed URL caused the router to stop responding. Requesting this  
url over and over will eventually render the router useless until reset.  
You can still access the internet after sending this url once but the routers   
configuration page does not respond until you reset the router.  
  
If your D-Link router is set to allow remote administration then its potentially  
possible for an attacker to render your router useless until it is physically  
reset by unplugging it and replugging it into the wall.  
  
-->  
i sent an email to dlink containing a copy of this post. Thanx  
-->  
  
--chris  
  
www.securityindex.net  
  
-apex security group-  
  
:-hello-:  
george  
dreifach-x  
th1nk  
johnblaze  
  
`