Nexland users alert/new firmware fixes security issues!

White00t · 02-19-05, 04:27 PM

My Nexland ISB SOHO has been stalling the inet while surfing and dropping my Xbox Live connections for weeks now. While looking for new firmware I found these security issues, http://securityresponse.symantec.com...004.09.22.html.

Symantec has released a new firmware, 16U.

"Corrections Included in this Release:

Issue 1 - Denial of service caused by a fast UDP port scan
A fast map UDP port scan against all ports (i.e. 1-65535) on the WAN interface of the firewall will cause the firewall to lock up and stop responding. Turning the power off and on will reset the firewall.

Issue 2 - Filter bypass on WAN interface
A UDP port scan against the WAN interface of the firewall from a source port of UDP 53 bypasses filter on WAN interface and exposes the tftpd, snmpd and isakmp active services. All other ports are reported as closed.

Issue 3 - Default read/write community string on SNMP service
The default read/write community string used by the firewall is public, allowing an attacker to collect and alter the firewall's configuration. By combining this with issue 2 mentioned above, an attacker is able to exploit this against the WAN interface by sending SNMP GET/SET requests whose source port is UDP 53. The administrative interface for the firewall does not allow the operator to disable the service nor change the community strings."

ISB SOHO version: http://www.symantec.com/techsupp/ent...o_4/files.html.

Wavebase: http://www.symantec.com/techsupp/ent...ess/files.html

Pro400, Pro800 and Pro800 turbo: http://www.symantec.com/techsupp/ent...all/files.html

for the Pro100 I dont know...some guy in this thread mentions changing the hex in the beginning which went over my head. http://www.dslreports.com/forum/rema...=flat#12280172

Also the readme at Symantec isnt very thorough so I just went by my old Nexland readme for version 15Y:

"Installation Instructions:

Using "<firmwarename>_all.bin" File

***WARNING***
This Process will reset your device to it's factory configuration. All of your settings will be erased. Please make note of all of the settings inside the ISB. See Below for "APP" usage to maintain settings.

1. Extract the Firmware Zip file to a directory on your local computer.

2. Set dip Switches number 1 & 2 to the ON (*DOWN*) position, and press the reset button on the back of the device.

3. Open the directory to where you extracted the firmware file to.

4. Double Click the NXTFTPX.exe file.

5. In the Nexland TFTP v1.00 program, enter the Server IP as the IP address of your Nexland Router (Default: 192.168.0.1).

6. Click the BROWSE button and go to the directory where you extracted the firmware file to, select the <firmwarename>_all.bin file and click OK.

7. Now both the Server IP and the Local File should be populated, Click the PUT button.

8. Once this is completed you should receive a message of SUCCESS. Set dip switches number 1 & 2 to the OFF (*UP*) position and press the reset button on the back of the device again.

Your Firmware has been successfully flashed.

*********************************************************
Using "<firmwarename>_app.bin" File
This process will NOT reset the device to it's factory configuration. Your settings will NOT be erased.
You can use this firmware ONLY if you are upgrading from version 1rel5A firmware or higher.

1. Extract the Firmware Zip file to a directory on your local computer.

2. Set dip Switches number 1 & 2 to the ON (*DOWN*) position, and press the reset button on the back of the device.

3. Open the directory to where you extracted the firmware file to.

4. Double Click the NXTFTPX.exe file.

5. In the Nexland TFTP v1.00 program, enter the Server IP as the IP address of your Nexland Router (Default: 192.168.0.1).

6. Click the BROWSE button and go to the directory where you extracted the firmware file to, select the <firmwarename>_app.bin file and click OK.

7. Now both the Server IP and the Local File should be populated, Click the PUT button.

8. Once this is completed you should receive a message of SUCCESS. Set dip switches number 1 & 2 to the OFF (*UP*) position and press the reset button on the back of the device again.

Your Firmware has been successfully flashed.

If you occur any errors durring this process, please don't hesitate to contact
Technical Support."

Hope this HAS been posted before and helped out every Nexland user! Take care!

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Spammer Alert, Spammer Alert!	Prey521	General Discussion Board	4	10-08-04 01:45 PM
ALERT! If you got this worm virus you may just got your CD key stolen	HawaiianGhost	Gaming	2	11-06-03 06:01 PM
Important for SBC Users Virus alert	mccoffee	General Broadband Forum	3	08-02-03 11:29 AM
Amber Alert Pays Off!!	CiscoKid	General Discussion Board	7	08-15-02 04:18 PM
Worm Alert - Somthing Interesting my Gramps Sent Me	Merc	General Discussion Board	4	10-28-01 09:02 PM

02-19-05, 04:27 PM	#1
White00t Member Join Date: Jun 2002 Posts: 55	Nexland users alert/new firmware fixes security issues! My Nexland ISB SOHO has been stalling the inet while surfing and dropping my Xbox Live connections for weeks now. While looking for new firmware I found these security issues, http://securityresponse.symantec.com...004.09.22.html. Symantec has released a new firmware, 16U. "Corrections Included in this Release: Issue 1 - Denial of service caused by a fast UDP port scan A fast map UDP port scan against all ports (i.e. 1-65535) on the WAN interface of the firewall will cause the firewall to lock up and stop responding. Turning the power off and on will reset the firewall. Issue 2 - Filter bypass on WAN interface A UDP port scan against the WAN interface of the firewall from a source port of UDP 53 bypasses filter on WAN interface and exposes the tftpd, snmpd and isakmp active services. All other ports are reported as closed. Issue 3 - Default read/write community string on SNMP service The default read/write community string used by the firewall is public, allowing an attacker to collect and alter the firewall's configuration. By combining this with issue 2 mentioned above, an attacker is able to exploit this against the WAN interface by sending SNMP GET/SET requests whose source port is UDP 53. The administrative interface for the firewall does not allow the operator to disable the service nor change the community strings." ISB SOHO version: http://www.symantec.com/techsupp/ent...o_4/files.html. Wavebase: http://www.symantec.com/techsupp/ent...ess/files.html Pro400, Pro800 and Pro800 turbo: http://www.symantec.com/techsupp/ent...all/files.html for the Pro100 I dont know...some guy in this thread mentions changing the hex in the beginning which went over my head. http://www.dslreports.com/forum/rema...=flat#12280172 Also the readme at Symantec isnt very thorough so I just went by my old Nexland readme for version 15Y: "Installation Instructions: Using "<firmwarename>_all.bin" File *WARNING* This Process will reset your device to it's factory configuration. All of your settings will be erased. Please make note of all of the settings inside the ISB. See Below for "APP" usage to maintain settings. 1. Extract the Firmware Zip file to a directory on your local computer. 2. Set dip Switches number 1 & 2 to the ON (DOWN) position, and press the reset button on the back of the device. 3. Open the directory to where you extracted the firmware file to. 4. Double Click the NXTFTPX.exe file. 5. In the Nexland TFTP v1.00 program, enter the Server IP as the IP address of your Nexland Router (Default: 192.168.0.1). 6. Click the BROWSE button and go to the directory where you extracted the firmware file to, select the <firmwarename>_all.bin file and click OK. 7. Now both the Server IP and the Local File should be populated, Click the PUT button. 8. Once this is completed you should receive a message of SUCCESS. Set dip switches number 1 & 2 to the OFF (UP) position and press the reset button on the back of the device again. Your Firmware has been successfully flashed. ********************************************************* Using "<firmwarename>_app.bin" File This process will NOT reset the device to it's factory configuration. Your settings will NOT be erased. You can use this firmware ONLY if you are upgrading from version 1rel5A firmware or higher. 1. Extract the Firmware Zip file to a directory on your local computer. 2. Set dip Switches number 1 & 2 to the ON (DOWN) position, and press the reset button on the back of the device. 3. Open the directory to where you extracted the firmware file to. 4. Double Click the NXTFTPX.exe file. 5. In the Nexland TFTP v1.00 program, enter the Server IP as the IP address of your Nexland Router (Default: 192.168.0.1). 6. Click the BROWSE button and go to the directory where you extracted the firmware file to, select the <firmwarename>_app.bin file and click OK. 7. Now both the Server IP and the Local File should be populated, Click the PUT button. 8. Once this is completed you should receive a message of SUCCESS. Set dip switches number 1 & 2 to the OFF (UP) position and press the reset button on the back of the device again. Your Firmware has been successfully flashed. If you occur any errors durring this process, please don't hesitate to contact Technical Support." Hope this HAS been posted before and helped out every Nexland user! Take care! Last edited by White00t; 02-19-05 at 10:07 PM. Reason: unclear title name