Belkin Cable/DSL Router Modifies IP Source Addresses on Packets Destined for Internal Hosts
|
|
SecurityTracker Alert ID: 1004515 |
|
SecurityTracker URL: http://securitytracker.com/id/1004515
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 11 2002
|
Impact:
Modification of system information
|
Exploit Included: Yes
|
Version(s): Model F5D5230-4; Firmware runtime code version V1.20.000; Hardware version R01
|
Description:
A vulnerability was reported in the Belkin F5D5230-4 4-Port Cable/DSL Gateway Router. The device may modify the source address of certain IP packets.
It is reported that when a remote user on the internal network connects to a web server (on port 80) on the internal network, the Belkin router will incorrectly modify the source address when processing the packet. According to the report, the source address from the host originating the HTTP request will be mapped to the router's external address. After this occurs, all packets (including those originating from the external Internet interface) will have their source addresses mapped.
As a result, logging on the web server or destination host will not show the correct source address.
This effect will apparently continue until the router is reset.
The vendor has reportedly been notified.
|
Impact:
The router will replace the original source address with the router's own external interface IP address for certain packets destined for the internal network. Systems on the internal network that are performing logging will only see the router's address instead of the original source address.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: catalog.belkin.com/IWCatProductPage.process?Merchant_Id=&Section_Id=2094&pcount=&Product_Id=113464&Section.Section_Path=%2FRoot%2FNetworki%2E%2E%2EndCables%2FCableDSL%2E%2E%2EyRouters%2Fct_Id%3E (Links to External Site)
|
Cause:
State error
|
Underlying OS:
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 11 Jun 2002 09:12:29 +1100
Subject: Belkin GCable/DSL router problem with http requests
|
Product: Belkin F5D5230-4 4-Port Cable/DSL Gateway Router
Firmware version: Runtime code version V1.20.000
Hardware version: R01
Problem : Reporting incorrect IP address when allowing port 80 into internal network.
Description:
The Belkin 4-port Cable/DSL Gateway Router will forward a http request to the correctly configured http server in the internal network.
The reported IP address is correct, until a request from the internal network is tried.
>From this moment the requesting IP address is always reported as the router's external IP address.
NIS and Xitami both report the request as coming from the router, instead of coming from the internet.
This continues until the router is reset.
Notified Belkin 09/May/2002, no workaround or fix received yet.
_______________________________________________________
WIN a first class trip to Hawaii. Live like the King of Rock and Roll
on the big Island. Enter Now!
http://r.lycos.com/r/sagel_mail/http://www.elvis.lycos.com/sweepstakes
|
|
