Workaround:
Filtering port 80 on the WAN interface is enough to prevent this DoS. Port 53 UDP and port 23 telnet are also wide open by default.
Vendor response:
"It appears that both individuals posting on these products have not taken the opportunity to download the software patch for the OCR812 router software version 1.1.9. In responding to the specific points above, however, it is certainly possible to employ port filtering on the WAN interface for ports 23 and 53 if the customer desires. Following the same methodology as the port 80 filter available on the 3Com web site (http://support.3com.com/infodeli/tools/remote/ocradsl/http_filtering.pdf).
More to the point however, our customers have requested that these routers be managed remotely from the WAN by default. In most cases, they also employ another method supported on these products called access lists. Access lists will only allow IP addresses in the range configured to access the management interfaces. For details on Access Lists see the Command Line Interface manual available at: http://support.3com.com/infodeli/tools/remote/ocradsl/20/812_cli20.pdf
Page 6-31 details how access lists are configured.
It is suggested that if access lists are used and used properly, the DoS issues below do not exist."
Exploit:
// 3Com OfficeConnect 812/840 ADSL Router Denial of Service (maybe others)
// Proof of concept, soft and hard reset, the security is weak
// Written pour sniffer <sniffer@sniffer.net>
// Fri Sep 21 15:51:35 BRT 2001
// Viva Brazil!
