Experienced in the D-Link DGS-3000-10TC switch (Hardware Version: A2) detected a critical error that allows you to initiate a refusal to maintain through sending Specially decorated Network Package. After processing such packages, the switch flows into a state with 100% load on the CPU, eliminate which can only reboot.
On the issue of the problem of the support service D-Link replied “Good afternoon, after another check, the developers believe that there is no problem in DGS-3000-10TC. The problem was due to a broken package that sent DGS-3000-20L and after Fixes with new firmware problems are not observed. ” In other words, it was confirmed that the DGS-3000-20L switch (and other of this series) breaks the PPP-over-over-Ethernet Discovery client (PPPOED), and this problem is eliminated in the firmware.
At the same time, D-Link representatives do not recognize the presence of a similar problem in another model of DGS-3000-10TC, despite the provision of information that allows you to repeat the manifestation of vulnerability. After the failure to eliminate the problem, to demonstrate the ability to make an attack and stimulate the release of firmware update by the manufacturer, published PCAP dump “Death Pack”, which can be sent to check the availability of a problem using the TCPrePlay utility.