COMMAND

    WebRamp

SYSTEMS AFFECTED

    Systems using WebRamp

PROBLEM

    Ramp  Networks  WebRamp  Internet  access  devices  allow multiple
    computers to  share a  dialup connection.   The WebRamp  family of
    Internet access  devices  is  designed for  small businesses  that
    require  cost-effective,  high-speed  Internet  access  on   every
    desktop.  WebRamp is vulnerable  to two denial of service  attacks
    that  allow  an  attacker  to  either  crash the WebRamp device or
    change its IP address.  When  the device crashes, it will have  to
    be manually reset before it  will dial up. If an  attacker changes
    the  IP  address  of  the  WebRamp,  none  of the machines on your
    network will be able  to find it, so  no machines will be  able to
    access  the  Internet  via  the  WebRamp.   The  device will still
    function as a network hub, so your intra-LAN connectivity will not
    be disrupted.

    WebRamp  crash/denial  of  service  attack:  Sending  a  specially
    formatted string  of characters  to the  HTTP port  of the WebRamp
    causes the device to hang, requiring a manual reset.

    WebRamp  IP  address  change:  Sending  a  specially formatted  UDP
    packet  to  port  5353  changes  the  WebRamp's  local IP address,
    effectively 'hiding' the  device from the  rest of your  machines.
    The WebRamp  is still  connected to  the Internet  and its  PPP IP
    address is unchanged.

SOLUTION

    If an attacker  has crashed your  WebRamp, then manually  reset it
    by turning it off and on again.  If an attacker has changed the IP
    address, use WRFINDER.EXE on the WebRamp installation CD to change
    the address to a proper value.  Go to

        http://www.rampnet.com/upgrades

    to get the latest firmware for your model of WebRamp.