2 edits |
to Oligarchy
Re: 2Wire Cross Site Request Forgery VulnerabilityI've probably started a very red herring here! A little knowledge is a dangerous thing!
I'll tell you the story now because it seems to have vanished.
I recently installed Pidgin because I became fed-up with the connection diarrhoea from Yahoo IM. My software firewall was in learning mode and learnt to allow Pidgin to connect to 239.255.255.250 . When I pinged this address the router responded, despite having it's address set to 192.168.n.m and no router DNS or DHCP. Then I checked and found it to be a IP multicast address only, and found it would not accept http when I tried.
I did wonder whether Pidgin used broadcast mode to do its UPnP bit of opening ports. My ignorance is total in this area.
Now I can't replicate the behaviour! I can't even ping that address!
Apologies for winding you all up about it, it really was not intentional.
EDIT - Aha! I view some video on youtube and lo:
Pinging 239.255.255.250 with 32 bytes of data:
Reply from 192.168.n.m: bytes=32 time=1ms TTL=255
Reply from 192.168.n.m: bytes=32 time=1ms TTL=255
Reply from 192.168.n.m: bytes=32 time=1ms TTL=255
Reply from 192.168.n.m: bytes=32 time=1ms TTL=255
Ping statistics for 239.255.255.250:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
Note that I've edited my router address. |
actions · 2008-May-5 3:40 am · (locked) |
|
Is n.m the default 1.254, or is it whatever IP you have moved the 2wire to? |
actions · 2008-May-5 5:57 pm · (locked) |
|
to Oligarchy
Here are AT&T's instructions on how to verify you have been patched and are secure. » helpme.att.net/article.p ··· em=11659 |
actions · 2008-May-21 8:51 pm · (locked) |
remarc join:2007-08-10 Philippines |
remarc
Member
2008-May-23 1:19 pm
well... finally, a new patch. its loong been overdue. lolz! |
actions · 2008-May-23 1:19 pm · (locked) |
|
jr9730 join:2000-11-22 Torrance, CA |
to Oligarchy
Chances are its been on your 2Wire for weeks to months by now without you knowing it.. : ) |
actions · 2008-May-31 11:58 pm · (locked) |