Bugtraq mailing list archives
Re: Denial of Service Attacks INFO
From: reschly () ARL MIL (Robert J. Reschly Jr.)
Date: Thu, 23 May 1996 11:21:13 EDT
UDP Bomb - By sending a UDP packet with incorrect information in the header, some Sun-OS 4.1.3 Unix boxes will panic and then reboot.
The problem was not limited to UDP. We had early production models of the Xerox Encryption Units (XEU), devices which would eat an Ethernet framed IP packet and encrypt only the Data portion of the Ethernet frame for secure transmission to another XEU. The early versions of this box left the Ethernet Length/Type field alone. When the XEU encrypted a broadcast packet, all machines on the wire would receive the Ethernet frame, look at the Length/Type field and hand the packet off to IP for further processing. Since all the Ethernet frame Data (i.e. the entire IP packet) was scrambled, attempting to process this as IP data was, umm.... interesting (really tested the packet handling and validation code). The Suns (running 4.1.1 or 4.1.3 at the time, I cannot remember which) panicked.

After we showed Xerox the error of their ways :-) Xerox applied for and received an Ethernet Length/Type identifier for XEU encrypted Ethernet frames, and they modified their boxes to use it. The original Length/Type code was copied "inside" the data portion of the encrypted Ethernet frame and the XEU could either fragment Ethernet frames which became too long (already necessary due to the encryption process), or the source host MTU could be cranked down to prevent this. We tended to do the latter because the XEU (and all similar boxes, btw) are a real bottleneck and it was faster in the long run to send a few more slightly shorter IP packets than it was to process two encrypted Ethernet frames for each IP packet.

Idly,
Bob
-------
U.S. Army Research Laboratory / Advanced Simulation and High Performance Computing Directorate / High Performance Computing Division / Computing Technologies Branch / Advanced Development Team / Aberdeen Proving Ground, MD 21005-5067 / ATTN: AMSRL-SC-CC (Reschly)
e-mail: reschly () ARL MIL
Voice: (410)278-8612(VM) FAX: (410)278-5077 DSN:298- FTS:939- APG, MD ofc
Voice: (703)812-8205 FAX: (703)812-9701 HPCMO Alexandria, VA ofc
**** For a good time, call: (303)499-7111. Seriously! ****
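The receive-side handling the message describes, as an added example that is not part of the original post: a frame is demultiplexed on its Length/Type field, and anything claiming to be IPv4 has its header validated before any field is trusted. The `ETHERTYPE_ENC` value is a placeholder (an IEEE local experimental type), not the identifier Xerox was assigned, and the XOR in `scramble_payload` only stands in for the XEU's cipher; the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN    14
#define ETHERTYPE_IPV4 0x0800
#define ETHERTYPE_ENC  0x88B5 /* placeholder (IEEE local experimental), not the XEU value */

enum verdict { PASS_TO_IP, DROP_UNKNOWN_TYPE, DROP_BAD_IP, DROP_SHORT };

/* Constructed frame: broadcast dst, Length/Type at bytes 12-13, bare 20-byte IPv4 header. */
const uint8_t sample_frame[34] = {
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x14, 0,0,0,0, 0x40,0x11,0xF5,0xD8,
    192,0,2,1, 192,0,2,255 };

/* RFC 1071 ones'-complement sum; a header with a correct checksum sums to 0xFFFF. */
static uint16_t hdr_sum(const uint8_t *h, size_t len) {
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < len; i += 2) s += (uint32_t)((h[i] << 8) | h[i + 1]);
    while (s >> 16) s = (s & 0xFFFF) + (s >> 16);
    return (uint16_t)s;
}

/* Demultiplex on Length/Type, then check every IPv4 header field before trusting it. */
enum verdict classify_frame(const uint8_t *f, size_t len) {
    if (len < ETH_HDR_LEN) return DROP_SHORT;
    if ((uint16_t)((f[12] << 8) | f[13]) != ETHERTYPE_IPV4) return DROP_UNKNOWN_TYPE;
    const uint8_t *ip = f + ETH_HDR_LEN;
    size_t plen = len - ETH_HDR_LEN;
    if (plen < 20 || (ip[0] >> 4) != 4) return DROP_BAD_IP;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4, total = (size_t)((ip[2] << 8) | ip[3]);
    if (ihl < 20 || ihl > plen || total < ihl || total > plen) return DROP_BAD_IP;
    return hdr_sum(ip, ihl) == 0xFFFF ? PASS_TO_IP : DROP_BAD_IP;
}

/* Models the early behaviour: data scrambled (XOR stands in for the cipher), type untouched. */
void scramble_payload(uint8_t *f, size_t len) {
    for (size_t i = ETH_HDR_LEN; i < len; i++) f[i] ^= 0xA5;
}

int main(void) {
    uint8_t f[sizeof sample_frame];
    memcpy(f, sample_frame, sizeof f);
    printf("clear frame:            %d\n", classify_frame(f, sizeof f));
    scramble_payload(f, sizeof f);
    printf("scrambled, type 0x0800: %d\n", classify_frame(f, sizeof f));
    f[12] = ETHERTYPE_ENC >> 8; f[13] = ETHERTYPE_ENC & 0xFF;
    printf("scrambled, own type:    %d\n", classify_frame(f, sizeof f));
    return 0;
}
```

With the type left at 0x0800 the scrambled frame still reaches the IP header checks and survives only because they reject it; with its own type it is dropped at the demultiplexing step and never reaches IP input.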