Weird discovery on linksys router

Firewalls, routers, servers, switches, SANs, PBXes, security and related topics
Locked
User avatar
Red Squirrel
Posts: 29209
Joined: Wed Dec 18, 2002 12:14 am
Location: Northern Ontario
Contact:

Weird discovery on linksys router

Post by Red Squirrel »

Ethereal keeps showing up with Notify HTTP packets being sent to 239.255.255.250 which must be some kind of default broadcast address that it uses or something, as I've never seen that IP before, and it seems to be part of a reserved range. I'm guessing it's like a catch all broadcast address or something. Since my real network broadcast is 10.1.1.255

Anyway after examining the packets I noticed this is the page that was being accessed:

http://10.1.1.1:5678/rootDesc.xml

It's an xml document disclosing info about the router, and my guess is that it works extrnally as well.

And to be more interesting I googled this and got this:

http://www.coresecurity.com/common/showdoc...6&idxseccion=10

It's a vulnubility. :lol: Time to patch up, or something. I've been wanting to get a more high end router anyway. But when I last tried that it did not go too well (stupid netgear crap) so I may as well save up and get a Cisco Pix, which will take me a couple of days to configure but it's all good. :lol:

Archived topic from Iceteks, old topic ID:3837, old post ID:31147
Honk if you love Jesus, text if you want to meet Him!
Locked