Why is this a thing now?
Is there any consumer or "small business" device that isn't trivial to crash? Many of them don't even need to be provoked.
Netgear has warned customers about the trivial denial-of-service vulnerability discovered in its Intel-powered gigabit cable modems. The networking biz is advising owners of the CM700 gateway to sit tight while it figures out how to patch a weakness that leaves the modem prone to DoS attacks. In other words, there is no …
Many consumer and small business devices are not prone to trivial crash. The motorola cable modem I'm using now is not affected by "trivial" packet stream and I bet many other ADSL/cable modem brands are not affected by "trivial" packet stream DoS.
Intel quality heading south lately, not sure what's going on with QA.
Make a list of all URLs that a modem/router supports. Hit them all repeatedly with fuzzing and time the response. Scan for open ports and send them HTTP requests too. Hit the slowest results repeatedly and you'll usually cause a failure of some kind - OOM, buffer overflow, deadlock threads, or a good old fashioned brown-out.
For example the "Fritz!Box" which typically preforms much better in terms of security and stability than many "enterprise grade" systems.
On the other hand, there's a brand of rather expensive "enterprise grade" systems with their own custom operation system, which gets stuck in an infinite loop when you set a wrong password on your SIP-account.
As I understand it, Intel have rolled out firmware updates to the modem manufacturers and these are being rolled out to the ISP's.
I understand Virgin for exmple is going to be distributing firmware "soon" although they might still mean a month or two away.
Given the issues of the Puma 6 chipset. Why isn't there coverage on Virgin Media's shameful policy of forcing users to use the Super Hub 3. (If BT had a dodgy Homehub this site would be gleefully taking them to task on a daily basis)
Plenty of people on the official forums are being stonewalled and the problems obfuscated.
The Intel Puma 5, 6, and 7 chips, as used on Virgin Media branded Arris TG2492 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports, a related issue to CVE-2017-15064. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Virgin Media.
Biting the hand that feeds IT © 1998–2019