Just picked one of these AP's up the other day and during a quick fiddle noticed a remote DoS. It is possible to disable the Belkin F5D6130 802.11b AP by issuing a small number of SNMP GetNextRequest requests to the AP. The attack results in the AP dropping all wireless connections and ceasing to accept any new connections, the wireless activity LED will stop blinking. The AP will also stop responding to all IP traffic on it's ethernet interface thus rendering the device unmanageable. The device will require power cycling to resume correct operation. The SNMP community name used in the requests is irrelevant. The device will respond to the SNMP requests by broadcasting one or more SNMP traps and then cease to function. This behaviour appears to be fairly consistent. The attack takes a little longer if performed from a wireless system associated to the target AP and may result in a loss of wireless connectivity only, leaving the IP stack of the AP intact. Snmpwalk may readily be used to test for this vulnerability as follows: 'snmpwalk x.x.x.x goodnight' (where x.x.x.x is the IP address of the AP) Occasionally must be run a couple of times in which case try specifying a few different objectIDs. This has been tested on a number of Belkin F5D6130 APs with the current factory shipped firmware 1.4g.8. It is not known if other firmware versions are affected or indeed if differently branded AP devices using the same hardware are vulnerable. regards wlanman <wlanman@hoobie.net> 26th August 2002
