Modem Systems Remain Vulnerable To Attacks
ICMP packets containing modem reset or shutdown commands are a very old attack. You would think it would no longer be happening, but it is, and it is still fairly effective.
If you are a company that has an emergency back channel to the internet via modem, whether cable, DSL, or even an old-fashioned 56K modem, you might be surprised to see ICMP packets that contain a modem reset string. Those reset strings work on a variety of older modems that have not had their firmware updated or been replaced by more recent models. The modems in a rack at the back of the data center could be a legacy system that is well worth thinking about and getting upgraded.
Originally reported in 1998 and given a CVE number in 1999, the attack still works nearly 10 years later against some of the aging equipment in the back rooms of various companies that I have been visiting lately. Few if any people know how to take care of this aging equipment, which has not been slated for upgrade, let alone turned off in favor of something else. According to ISS.net, there is still no remedy as of July 6th 2008, so many modem systems remain vulnerable to this kind of attack.
Some reports indicate that the modem will stay disabled until it gets a hard reset, so if you have this set up as an emergency failover system, the modem bank might be out of business. Given that the modems sit at the edge of the network, they might not be reporting anything because they are out of commission. It is well worth going out and finding all the back-end modem systems that are on the network and what state they are in.
The attacks are still happening in the wild. If it is a DSL or cable modem, then deep packet inspection at the modem will help, but it will only tell you if something made it through the modem. The only real way to check this is to make sure that the modem/router is hooked into syslog, and that those logs are monitored for the case where the modem stops sending data.
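One way to implement the "modem stopped sending data" check described above, as an added example that is not from the original article. The host names, the inventory list, the 10-minute threshold and the sample log lines are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample syslog lines (RFC 3164 style); host names are hypothetical.
SAMPLE_LOG = """\
Jul  6 09:00:01 edge-modem-1 kernel: link up
Jul  6 09:00:03 edge-modem-2 kernel: link up
Jul  6 09:05:02 edge-modem-1 dhcp: lease renewed
Jul  6 09:05:40 edge-modem-2 kernel: ICMP echo request from 198.51.100.7
Jul  6 09:10:01 edge-modem-1 dhcp: lease renewed
Jul  6 09:15:02 edge-modem-1 dhcp: lease renewed
Jul  6 09:20:01 edge-modem-1 dhcp: lease renewed
"""

def last_seen(log_text, year):
    """Map each host to (timestamp, message) of its most recent log line."""
    seen = {}
    for line in log_text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue  # skip malformed or truncated lines
        month, day, clock, host, msg = parts
        try:
            # RFC 3164 timestamps carry no year, so the caller supplies it.
            ts = datetime.strptime(f"{year} {month} {day} {clock}",
                                   "%Y %b %d %H:%M:%S")
        except ValueError:
            continue
        if host not in seen or ts >= seen[host][0]:
            seen[host] = (ts, msg)
    return seen

def silent_hosts(log_text, expected, now, max_gap=timedelta(minutes=10)):
    """Return {host: (last_ts, last_msg)} for inventoried modems that have
    logged nothing within max_gap of now; (None, None) if never seen."""
    seen = last_seen(log_text, now.year)
    alerts = {}
    for host in expected:
        ts, msg = seen.get(host, (None, None))
        if ts is None or now - ts > max_gap:
            alerts[host] = (ts, msg)
    return alerts

if __name__ == "__main__":
    now = datetime(2008, 7, 6, 9, 21, 0)
    inventory = ["edge-modem-1", "edge-modem-2", "edge-modem-3"]
    for host, (ts, msg) in silent_hosts(SAMPLE_LOG, inventory, now).items():
        print(host, "last seen:", ts, "| last message:", msg)
```

Driving the check from an inventory rather than from the log itself means a modem that never logged at all is flagged too, and the last message before the silence is kept for the investigation.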
About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.