Zyxel Prestige 681 SDSL router information leak
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
Zyxel P681 with ZyNOS S/W Version: Vt020225a | 2/25/2002 installed leaks
random portions of memory in ARP requests:
21:47:05.709295 arp who-has x.x.x.x tell x.x.x.x
0x0000 0001 0800 0604 0001 00a0 c526 3cc1 xxxx ................
0x0010 xxxx 0000 0000 0000 xxxx xxxx 0a48 6f73 .............Hos
0x0020 743a 3233 392e 3235 352e 3235 352e t:239.255.255.
and after telnet login, packets contains fragments of session!
21:48:24.804384 arp who-has x.x.x.x tell x.x.x.x
0x0000 0001 0800 0604 0001 00a0 c526 3cc1 xxxx ................
0x0010 xxxx 0000 0000 0000 xxxx xxxx 5b32 323b ............[22;
0x0020 3439 4833 392e 3235 352e 3235 352e 49H39.255.255.
21:50:34.537114 arp who-has x.x.x.x tell x.x.x.x
0x0000 0001 0800 0604 0001 00a0 c526 3cc1 xxxx ................
0x0010 xxxx 0000 0000 0000 xxxx xxxx 4849 6e66 ............HInf
0x0020 6f72 6d61 7469 6f6e 1b5b 363b 3439 ormation.[6;49
21:51:00.175642 arp who-has x.x.x.x tell x.x.x.x
0x0000 0001 0800 0604 0001 00a0 c526 3cc1 xxxx ................
0x0010 xxxx 0000 0000 0000 xxxx xxxx 3333 4856 ............33HV
0x0020 6572 7369 6f6e 3a35 352e 3235 352e ersion:55.255.
21:52:01.542252 arp who-has x.x.x.x tell x.x.x.x
0x0000 0001 0800 0604 0001 00a0 c526 3cc1 xxxx ................
0x0010 xxxx 0000 0000 0000 xxxx xxxx 3b33 3748 ............;37H
0x0020 6f72 1b5b 3231 3b34 3048 5245 5455 or.[21;40HRETU
- --
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NICHDL: PMF9-RIPE *
* JID: venglin@xxxxxxxxxxxxxxx ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV *
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBRfuHkxEnBiV4/K0RAtXYAKCjA/6gHjDH8tEoESOC/Xql00+ZhQCgtVFx
PP96Pg8gPC4KHb7dXWLDpXU=
=sUX9
-----END PGP SIGNATURE-----