Monday, May 7, 2007

Resetting SAGEM 1500WD

I have ADSL, yeah! Last Friday I got my router. I asked for a Thomson router, but instead I got a Sagem 1500WD. Well, I preferred the other, but if it works, I'll keep it.

I start Internet Explorer and try to enter the router configuration pages. Enter the IP, press enter... And the router resets. Damn! Well, I wait for the router to reload, enter the IP again and press enter. It resets again!!!

After some time trying to enter the configuration pages (and resetting the router), I tried accessing it via LAN (instead of Wi-Fi). It resets. Tried to access it with another browser (Opera), and it doesn't reset!!!

Now I'm starting to go nuts. OK, let me get it straight. Somehow, there must be something in the HTTP request that makes the router reset. Well, I start Wireshark and capture each of the requests (Opera and IE). They look like this:

OPERA

GET / HTTP/1.1
User-Agent: Opera/9.20 (Windows NT 5.1; U; es-es)
Host: 192.168.0.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: es-ES,es;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Connection: Keep-Alive, TE
TE: deflate, gzip, chunked, identity, trailers

INTERNET EXPLORER

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/ag-plugin, */*
Accept-Language: es-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1)
Host: 192.168.0.1
Proxy-Connection: Keep-Alive

Then I start Fiddler2 and try to create an HTTP request. I start with the Opera request (and I get a response), then try to replace parts of it with parts of the IE request. My first thought was to try User-Agent. It doesn't crash. My 2nd try was to change Accept. And it crashes!!!

Then I realize that my IE Accept string is > 255 chars. So I trim it down to 255. And it works.

Am I the only one that uses IE? Am I the only one that has this kind of problem? Will this DoS attack work only from the inside? OR FROM THE WAN PORT TOO???????

I'll find out.
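
The header-by-header comparison described above, as an added example (not part of the original post): it parses the two captured requests, skips headers that are identical in both, and flags any value longer than the 255 characters the post identifies. The function names, and the choice to measure the header value rather than the whole header line, are assumptions of this example.

```python
LIMIT = 255  # length the post found to be the boundary for the Accept value

# The two requests captured in the post (Opera worked, IE reset the router).
OPERA = """GET / HTTP/1.1
User-Agent: Opera/9.20 (Windows NT 5.1; U; es-es)
Host: 192.168.0.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: es-ES,es;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Connection: Keep-Alive, TE
TE: deflate, gzip, chunked, identity, trailers
"""
IE = """GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/ag-plugin, */*
Accept-Language: es-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1)
Host: 192.168.0.1
Proxy-Connection: Keep-Alive
"""

def parse_headers(raw):
    """Return {lower-cased header name: value} for one raw HTTP request."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the request line
        if not line.strip():
            break                              # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:                                # ignore lines that are not headers
            key, value = name.strip().lower(), value.strip()
            # Repeated headers are joined, as many servers do before parsing.
            headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers

def compare(good_raw, bad_raw, limit=LIMIT):
    """Rows (name, good_len, bad_len, over_limit) for headers that differ."""
    good, bad = parse_headers(good_raw), parse_headers(bad_raw)
    rows = []
    for name in sorted(set(good) | set(bad)):
        if good.get(name) != bad.get(name):    # identical headers cannot be the trigger
            g_len, b_len = len(good.get(name, "")), len(bad.get(name, ""))
            rows.append((name, g_len, b_len, b_len > limit))
    return rows

if __name__ == "__main__":
    for name, g_len, b_len, over in compare(OPERA, IE):
        print(f"{name:17} opera={g_len:3} ie={b_len:3}{'  <-- over limit' if over else ''}")
```

A header missing from one request is reported with length 0 on that side.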