Bugtraq mailing list archives
Re: Denial of Service Attacks INFO
From: fc () all net (Fred Cohen)
Date: Wed, 22 May 1996 14:57:43 -0400
UDP Bomb - By sending a UDP packet with incorrect information in the header, some Sun-OS 4.1.3 Unix boxes will panic and then reboot.Anyone willing to say _what_ this magic incorrect information is? I'd much rather not have to take the time to grab the patch, uncompile both it and the file(s) it replaces, and try to figure it out from there.
For example: from-IP=127.0.0.1 to-IP=target Packet type: UDP from UDP port 7 (echo) to UDP port 7 (echo) UDP port echos the packet to localhost which echoes the packet to localhost, ... infinite loop - resource exhaustion - ... Similar things work on systat, daytime, time, and other UDP services that return results to the source of the inbound packet and don't depend on packet content. To get 2 hosts with one packet: from-IP= target 1 to-IP=target 2 they bounce the packets back and forth between each other. Add source routing to absorb bandwidth to more intermediate sites along the way. Add high priority, etc. to make it even more abusive. By the way - a common Web cashing server now uses UDP port 7 packets to check for changed files, so any server that supports this cache scheme is also susceptible to these attacks. -> See: Info-Sec Heaven at URL http://all.net/ Management Analytics - 330-686-0090 - PO Box 1480, Hudson, OH 44236
Current thread:
- Re: Denial of Service Attacks INFO der Mouse (May 22)
- Re: Denial of Service Attacks INFO Doug Hughes (May 22)
- Re: Denial of Service Attacks INFO Fred Cohen (May 22)
- Re: Denial of Service Attacks INFO Tim Newsham (May 22)
- Re: Denial of Service Attacks INFO Jonny Llama (May 22)
- <Possible follow-ups>
- Re: Denial of Service Attacks INFO Matthew Harding (May 23)
- Re: Denial of Service Attacks INFO Fred Cohen (May 23)
- /dev/openprom problems - Solaris 1 or Solaris 2 Matthew Harding (May 24)
- Possible bug in solaris2.4 ? Tequila System Admin (May 24)
- Re: Possible bug in solaris2.4 ? Dave Barr (May 24)
- Re: /dev/openprom problems - Solaris 1 or Solaris 2 Jamie (May 25)
- Re: /dev/openprom problems - Solaris 1 or Solaris 2 Dan Stromberg (May 26)
- Is _your_ Netscape under remote control martinh () mailhost emap co uk (May 24)