	Breaking eBusiness and Search News
Advertise \| Newsletter \| Sitemap \| News Feeds

WebProNews Search

Part of the iEntry network

Modem Systems Remain Vulnerable To Attacks

Dan Morrill
Expert Author
Published: 2008-07-17

WebProNews RSS Feed

ICMP packets containing modem reset or shutdown commands, you would think that this very old attack would not be happening, but it is, and it is still fairly effective.

If you are a company that has an emergency back channel to the internet via modem, either cable, DSL, or even an old fashion 56K modem, you might be surprised to see ICMP packets that contain a modem reset string. Those reset strings work on a variety of older modems that have not had their firmware updated, or have been replaced by more recent versions of the modems. Those back of the data center modems in a rack could be a legacy system that is well worth thinking about, and working on getting them upgraded.

Originally reported in 1998, and given a CVE number in 1999, near 10 years later, and against some of the more aging equipment in the backrooms of various companies that I have been visiting lately, few if any folks knows how to take care of some of this aging equipment, that has not been slated for upgrade, let alone turned off for something else. According to ISS.net, there is still no remedy as of July 6th 2008, so many modem systems remain vulnerable to this kind of attack.

Some reports indicate that the modem will be disabled without a hard reset, so if you have this set up as an emergency fail over system, the modem bank might be out of business and given that they are the edge of the network, they might not be reporting anything because they are out of commission. It is well worth going out and finding all the back end modem systems that are on the network, and what state they are in.

The attacks are still happening in the wild, if it is a DSL or Cable Modem then deep packet inspection at the modem will help, but will only tell you if something made it through the modem. The only real way to check this is to make sure that the modem/router is hooked into syslog, and that those logs are monitored if the modem stops sending data.

Comments

View All Articles by Dan Morrill

Receive Our Daily Email of Breaking eBusiness News

About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.

WebProNews RSS Feed

More Expert Articles Articles

Contact WebProNews

TOP NEWS

WebProBlog

The official blog of WebProNews.

Go to WebProBlog

WebProNews is part of the iEntry network

Internet Business:	Marketing:	Small Business:
WebProNews	MarketingNewz	SmallBusinessNewz
WebProWorld	AdvertisingDay	PromoteNews
EcommNewz	SalesNewz	EntrepreneurNewz

Software:	Search Engines:	Web Design:
WebMasterFree	Jayde B2B	DesignNewz
NetworkingFiles	SearchZA	FlashNewz
SecurityConfig	SearchNewz	WebSiteNotes

Developer:	IT Management:	Security:
DevWebPro	ITManagement	SecurityProNews
DevNewz	SysAdminNews	SecurityConfig
TheDevWeb	NetworkingFiles	NetworkNewz

The iEntry Network consists of over 100 web publications reaching millions of Internet Professionals. Contact us to advertise.

eBUSINESS RESOURCES

Ten most recent posts.

Featured Software

About WebProNews

WebProNews is the number one source for eBusiness News. Over 5 million eBusiness professionals read WebProNews and other iEntry business and tech publications.

WebProNews provides real-time coverage of internet business.

Free Email Newsletters:

WebProNews	SearchNewz
WebProWorld	DevWebPro
Marketing	SecurityNews

Plus over 100 other newsletters!

Send me relevant info on products and services.