Testing modems with a DoS attack
I know you're probably sitting there wondering, what the fuck is L33t on about now, eh? Well, first let me start by saying that this info is actually just a DoS attack that I read about eons ago; however, I also found that you could use this information "constructively" for testing the quality of your modem and shit like dat. If I'm not mistaken, I read about this at attrition.org.
Just in case you already know what I'm talking about, here's the exact command that you need to issue to cause the DoS attack:

    ping -p 2b2b2b415448300d -c 10 xxx.xxx.xxx.xxx

(where xxx.xxx.xxx.xxx is the IP address of the target.)
If you haven't heard about this yet, then read on. Here's a list of what you'll need:

- A modem - external, internal... doesn't matter, as long as it works.
- A Linux box, UNIX box, or pretty much any *NIX machine or OS on which you can specify the content of your ping packets. If you're on Winblows, then you're out of luck, cause you can't specify your ping patterns. You're stuck with whatever crap is standard.
How does it work?

Most modems today follow the Hayes command set (ATZ, ATDT, ATH0, ...). Thus, by forcing the victim to respond with the string "+++ATH0", many brands of modem will interpret the +++ATH0 as the user manually attempting to enter command mode and execute a command. Because of this, when the victim's machine sends the +++ATH0 back in its echo reply, the modem sees it within the IP datagram and hangs up. **Not all modems are affected.** Some, such as the U.S. Robotics and other higher-quality modems, require a pause of about a second during which no text is sent before the +++ before they go into command mode. This makes it impossible to force such a modem to hang up, since there is no way to get the victim machine to reply with +++ without data immediately following it. The reason for this is that PPP frames have data after the IP datagram, so even if you somehow managed to make the victim reply with a damaged IP datagram that had +++ as its last three bytes, the end of the PPP frame that follows would be the data that made the modem ignore the +++.
I have tested this out on three different modems: a D-Link DFM-560E, a no-name crappy modem, and a USR 28.8Kbps model. The USR modem survived the test and nothing happened at all. The D-Link and the crappy one were affected and immediately dropped the line. You'll find that if you're using a modem that is affected by this attack, you can't use this method to disconnect someone else in the void or on IRC. Why? Because as soon as you send the ping command from your own system, it has to pass through your PPP connection (your modem), and it will cause your own modem to disconnect FIRST - thus the ping packet never gets a chance to leave your machine, and the packet is just dropped. (That's how you test the "quality" of your modem... hehehe)
One way to get around this is to either telnet to a shell account that is running on ISDN, ADSL or another "fixed line" device that does not use the +++ATH0 command, or just "patch" your modem (more on this later). As far as I know, telnetting to a shell account via a dialup connection and issuing the ping command should not cause your connection to die. Correct me if I'm wrong on this one though. The easiest method to get your victim to reply with the +++ATH0 command would be to issue the ping command directly from your terminal window. As I mentioned above, this will only work if you're on a connection that's not affected by this attack.
If your modem is affected, you can pretty much fix it yourself by adding "s2=255" to your modem initialization string, which will disable the modem's ability to go into command mode. What S2 does is change the character which is used to enter command mode. Normally any value over 127 disables the ability to manually enter command mode, but in some cases it requires a higher number; to be sure, just put 255.
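As an added example (not from the original article), here is a small Python model of the escape-sequence logic described above: a constructed PPP frame carries the echo reply's +++ATH0 payload through a modem that does not check for guard time, one that does, and one with S2 set above 127. Only the silence before the +++ is modelled, and the frame bytes are made up for the demonstration.

```python
# Simplified model of a Hayes-style modem's "+++" escape detector, written for
# this page to show why an echo reply carrying "+++ATH0\r" hangs up some modems.
# Only the guard time *before* the +++ is modelled; real modems check after too.

GUARD_SECONDS = 1.0  # roughly the one-second silence the article describes

class EscapeDetector:
    def __init__(self, s2=43, require_guard=False):
        self.s2 = s2                        # S2 register: escape char, '+' is 43
        self.require_guard = require_guard  # True models the USR-style modems
        self.plus_count = 0
        self.in_command_mode = False
        self.cmd_buf = b""
        self.hung_up = False

    def feed(self, data, idle_before=0.0):
        """Feed bytes that arrive after idle_before seconds of line silence."""
        for i, b in enumerate(data):
            self._byte(b, idle_before if i == 0 else 0.0)

    def _byte(self, b, gap):
        if self.in_command_mode:            # collect an AT command up to CR
            self.cmd_buf += bytes([b])
            if b == 0x0D:
                if self.cmd_buf.strip().upper() == b"ATH0":
                    self.hung_up = True     # ATH0: go on-hook, drop the line
                self.cmd_buf = b""
            return
        if self.s2 > 127:                   # S2=255 fix: no escape char at all
            return
        if b != self.s2:
            self.plus_count = 0
            return
        # Guard-checking modems ignore a '+' that does not follow line silence
        if self.plus_count == 0 and self.require_guard and gap < GUARD_SECONDS:
            return
        self.plus_count += 1
        if self.plus_count == 3:
            self.plus_count = 0
            self.in_command_mode = True

def simulate_echo_reply(s2=43, require_guard=False):
    """True if the modem drops the line while the echo reply passes through it."""
    modem = EscapeDetector(s2=s2, require_guard=require_guard)
    # Constructed PPP frame: flag, address/control/protocol, stand-in IP+ICMP
    # headers, the ping pattern, then FCS and closing flag (never silence).
    frame = b"\x7e\xff\x03\x00\x21" + bytes(28) + b"+++ATH0\r" + b"\x12\x34\x7e"
    modem.feed(frame)
    return modem.hung_up
```

A cheap modem drops the line, a guard-time modem and an S2=255 modem do not, while a genuine +++ typed after a second of silence still reaches command mode on the guard-time model.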
The equivalent of the '+++ATH0' string in hex is 2b2b2b415448300d (the trailing 0d is the carriage return that terminates the command). The complete command is:

    ping -p 2b2b2b415448300d -c 10 xxx.xxx.xxx.xxx

The -p option sets the pattern (in this case it's the +++ATH0 command in hex form).

The -c option is the number of packets to send. 5 should be sufficient, but I prefer 10.

The reason why this attack won't work from a Windows machine is that the "-p" option is not supported by the "ping" program from Microsoft. As you can see, this DoS attack isn't a big deal. It's easily preventable, rarely effective, and relatively harmless - if it hits you, just redial.
Peace out. - L33tdawg