Bugtraq mailing list archives

Re: Denial of Service Attacks INFO


From: fc () all net (Fred Cohen)
Date: Wed, 22 May 1996 14:57:43 -0400


UDP Bomb - By sending a UDP packet with incorrect information in the
header, some Sun-OS 4.1.3 Unix boxes will panic and then reboot.

Anyone willing to say _what_ this magic incorrect information is?  I'd
much rather not have to take the time to grab the patch, uncompile both
it and the file(s) it replaces, and try to figure it out from there.

For example:

        from-IP=127.0.0.1
        to-IP=target
        Packet type: UDP
        from UDP port 7 (echo)
        to UDP port 7 (echo)

UDP port echoes the packet to localhost which echoes the packet to localhost, ...
infinite loop - resource exhaustion - ...

Similar things work on systat, daytime, time, and other UDP services
that return results to the source of the inbound packet and don't depend
on packet content.

To get 2 hosts with one packet:

        from-IP= target 1
        to-IP=target 2

they bounce the packets back and forth between each other.

Add source routing to absorb bandwidth to more intermediate sites along
the way.  Add high priority, etc. to make it even more abusive.

By the way - a common Web caching server now uses UDP port 7 packets to
check for changed files, so any server that supports this cache scheme
is also susceptible to these attacks.

-> See: Info-Sec Heaven at URL http://all.net/
Management Analytics - 330-686-0090 - PO Box 1480, Hudson, OH 44236
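
Added example, not part of the original post: a border-filter check for the three conditions the message describes, namely a loopback source address arriving from outside, IPv4 source-route options, and UDP packets whose source and destination ports are both reply-to-sender services. The function names, the sample packets and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
import struct

# Reply-to-sender UDP services named in the post, with their standard ports.
REFLECTIVE = {7: "echo", 11: "systat", 13: "daytime", 37: "time"}
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # IPv4 source-route option types

# Constructed sample packets (hex, checksums zeroed), documentation addresses.
SAMPLES = {
    "loopback_echo": "4500002000000000401100007f000001c000020a00070007000c000070696e67",
    "dns_query": "450000200000000040110000c6336405c000020a9c400035000c000000000000",
    "routed_pair": "470000240000000040110000c0000214c000020a830704c6336401000007000d00080000",
}

def option_types(raw):
    """Yield the type byte of each option in the IPv4 options area."""
    i = 0
    while i < len(raw) and raw[i] != 0:      # 0 = end of option list
        if raw[i] == 1:                      # 1 = single-byte no-op
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2:
            return                           # malformed length: stop
        yield raw[i]
        i += raw[i + 1]

def drop_reasons(packet, external=True):
    """Return why a border filter should drop this IPv4 packet ([] = pass)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["truncated or non-IPv4 header"]
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return ["bad IPv4 header length"]
    reasons = []
    if external and ipaddress.IPv4Address(packet[12:16]).is_loopback:
        reasons.append("loopback source on external interface")
    reasons += ["source-routed (%s)" % SOURCE_ROUTE[t]
                for t in option_types(packet[20:ihl]) if t in SOURCE_ROUTE]
    first_fragment = struct.unpack("!H", packet[6:8])[0] & 0x1FFF == 0
    if packet[9] == 17 and first_fragment and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if sport in REFLECTIVE and dport in REFLECTIVE:
            reasons.append("%s -> %s service loop"
                           % (REFLECTIVE[sport], REFLECTIVE[dport]))
    return reasons

if __name__ == "__main__":
    for name, hexdump in SAMPLES.items():
        print(name, drop_reasons(bytes.fromhex(hexdump)))
```

The same three conditions map onto ordinary router and host controls: ingress filtering of loopback sources, dropping source-routed packets, and disabling the small UDP services where they are not needed.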


