Routers vulnerable to IRC DoS attack
Certain routers from Netgear and Linksys can apparently be triggered to drop their connections by sending a DCC SEND in an IRC channel. I just witnessed a demonstration, and sure enough, it works. And it’s fun.
The vulnerability affects users who connect to an IRC channel via a susceptible router. If another user in the channel posts “DCC SEND” followed by 15 or more characters, the router will close the connection.
This bizarre bug seems like a poorly-implemented security mechanism. It can be avoided by connecting to an IRC server on a port other than 6667. There is also speculation that turning off the router’s SPI firewall may work around the issue.
A handful of details have been posted to Usenet.
Fortunately, the threat exposure is minimal. Its biggest impact on the world at large would probably be on small offices using one of these routers — bad news for employees who hang out on IRC. Still, a surprising number of home users and even bots seem to be affected.
Thankfully, our Linux-based WRT54Gs don’t seem to have this problem.
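For channel operators or bot owners who want to spot this in their logs, here is a small detection sketch (an added example, not code from the original post). It assumes raw IRC protocol lines as input, treats the 15-character threshold from the post as an adjustable parameter, and assumes that a legitimate DCC offer goes to a nick rather than a channel; the log lines and nicknames are constructed.

```python
import re

# Raw IRC line shape: ":nick!user@host PRIVMSG <target> :<text>"
PRIVMSG = re.compile(r":(\S+) PRIVMSG (\S+) :(.*)$")
# The string described in the post, plus whatever follows it.
TRIGGER = re.compile(r"DCC SEND\s*(.*)")

def parse_privmsg(line):
    """Return (nick, target, text) for a PRIVMSG line, or None for anything else."""
    m = PRIVMSG.match(line.rstrip("\r\n"))
    if not m:
        return None
    return m.group(1).split("!")[0], m.group(2), m.group(3)

def is_trigger(text, min_trailing=15):
    """True if text has "DCC SEND" followed by at least min_trailing characters."""
    m = TRIGGER.search(text)
    if not m:
        return False
    trailing = m.group(1).strip().strip("\x01")  # ignore CTCP framing bytes
    return len(trailing) >= min_trailing

def flag_lines(lines, min_trailing=15):
    """Return (nick, channel, text) for channel messages matching the trigger."""
    hits = []
    for line in lines:
        parsed = parse_privmsg(line)
        if parsed is None:
            continue
        nick, target, text = parsed
        # Assumption: real DCC offers are sent to a nick, so only channel
        # targets (names starting with # or &) are treated as suspicious.
        if target[0] in "#&" and is_trigger(text, min_trailing):
            hits.append((nick, target, text))
    return hits

# Constructed sample log, not captured traffic.
SAMPLE_LOG = [
    ":alice!a@host.example PRIVMSG #lounge :anyone tried the new build?",
    ":mallory!m@host.example PRIVMSG #lounge :DCC SEND " + "a" * 20,
    ":bob!b@host.example PRIVMSG #lounge :DCC SEND short",
    ":carol!c@host.example PRIVMSG dave :\x01DCC SEND notes.txt 3232235777 5000 1024\x01",
    ":irc.example.net 372 alice :- message of the day",
]

if __name__ == "__main__":
    for nick, channel, text in flag_lines(SAMPLE_LOG):
        print(f"{channel}: possible router-drop trigger from {nick}: {text!r}")
```

Lowering `min_trailing` widens the net at the cost of more false positives.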
September 26th, 2006 at 10:35 am
Actually, it seems to work with as few as 12 characters, as in:
DCC SEND “keyboardshiv”