Discovered by my best friend Jay aka Synister Syntax: http://seclists.org/lists/bugtraq/2005/Dec/0167.html http://www.securiteam.com/securitynews/6H00E15EUE.html http://www.networksecurityarchive.org/html/NTBugtraq/2005-12/msg00002.html Arm yourselves with knowledge.
None of my systems are vulnerable to that. But thanks for the info, it's interesting that Linksys and Cisco got nailed by this.
Yeah, he actually got called and emailed by the head of security at Cisco, and they were asking him the details so they could try and recreate it in their labs.
I've got a Linksys router at home, but I always change the default IP addresses. Nice find though, it'll be patched within the next 48 hours, I suspect.
So what does it mean for humble Joes like me? Is there a way of protecting one's PC? Do I even have to? Will it have any effect on my home PC or is this more big boys' stuff? What is the best plan of action? Thanks
One of the only ways to defend against this exploit until a patch emerges is to find a program to randomize your IP address so it is harder to target you, if your router doesn't already do that.
sabshuai, don't worry, unless people deliberately target your IP address for a specific cause, i.e. to gain or achieve something, it is unlikely it will become a problem. All you have to do to protect yourself is to set your router / gateway to an address other than: 192.168.1.10/192.168.1.1/192.168.1.100 or 10.7.1.1/10.7.1.100/10.7.1.10. Just change it so your subnet frame is 2 and not 1, i.e. 10.7.1.1 = 10.7.2.67 or 192.168.1.1 = 192.168.2.67, set your router or gateway so it only leases IP addresses from xxx.xxx.x.13-99, and set your router's IP address to xxx.xxx.x.12. As long as the attacker doesn't know the router's IP address, you're fine. This is not something that will most likely be out long enough to affect the average Joe.