[Snort-sigs] Documentation: SID 274
alexander.s at ...1565...
Mon Jun 23 15:42:15 EDT 2003
This is a denial of service attack that works against some modems.
The system may be disconnected from it's dial-up connection.
An ICMP Echo Request is sent to a target system with a payload that
includes "+++ath". The "+++" is an attention sequence that allows a
user to enter commands to the modem. "ath" is the modem hangup command.
An ICMP Echo Reply includes the same payload as the associated request.
On some modems, when the machine tries to reply to this packet, "+++ath"
will be interpreted as a command and the modem will hangup. The remote
address can be spoofed.
A user can remotely cause a modem to disconnect.
Ease of Attack:
Set a guard time on your modem. Contact the modem manufacturer for
details. A guard time will cause the modem to wait after receiving
"+++". Input during this wait, including "ath", will be disregarded.
Documentation - Steven Alexander<alexander.s at ...1565...>
More information about the Snort-sigs