Blog back online!
The SSL certificate for this blog expired a few days ago; it took me awhile to notice and get a new one signed by StartSSL. Now we’re back online!
Ghost Traffic aka Other Peoples’ BitTorrent Traffic aka It Wasn’t Me, Officer!
Earlier this week, HughesNet scheduled a maintenance outage to do whatever it is that they need to do for maintenance (which, in the past, has included replacing equipment damaged by golf-ball sized hail at the ground stations). When the connection came back up early the next morning, it was plagued by mysterious and intermittent RSTs on HTTP connections and 2% packet loss. Owch! Having approximately 320268309285049386509258 errands to run, I didn’t get to examine the connection until last night…
HT1000 URL Parsing Vulnerability (now fixed!)
Disclaimer: This issue has recently (September-ish) been fixed by HughesNet (thank you!) in a firmware update to the HT1000 modem. I am reposting the old article for historical purposes.
The HT1000 modem has a configuration/status webpage called the “System Control Center” (SCC) at the IP address 192.168.0.1. Certain malformed URL within the SCC will cause an arbitrary command to be executed on the modem as an unprivileged user.
This security hole is related to the command to enable and disable Web Acceleration.