Bugtraq mailing list archives
ping exploit
From: fate () JET LAKER NET (fATE 1997 BABY)
Date: Sat, 28 Jun 1997 17:02:33 -0400
I thought this was patched back when this exploit was discovered for rebooting linux when you would ping -l 65510 ip of a linux box, but it seems that its still around for win95 users. When you run the program called sping, it will send an oversized packet to the destined IP and cause the win95 machine to freeze. I believe if you install a firewall for the win95 machine, this will be patched. That how I patched it in linux when it was first discovered. This seems to only work with Windows 95, NT, and OSR2/3. If you can come up with a better patch, please do so, grin. I will include the binary to sping in this email. Just for your information, this is what I recieve in my tcpdump / syslogd. Syslogd(sending to myself) Oversized packet received from 205.245.75.240 TCPdump(sending out) 16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@4176+) 16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@4560+) 16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@4936+) 16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@5320+) 16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@5696+) 16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@6080+) 16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@6456+)
Current thread:
- Re: Solaris Ping bug (DoS) Jes Sorensen (Jun 26)
- Re: Solaris Ping bug (DoS) Kevin M Lynn (Jun 26)
- <Possible follow-ups>
- Re: Solaris Ping bug (DoS) Will Kempf (Jun 27)
- Re: Solaris Ping bug (DoS) Philip Kizer (Jun 27)
- smbmount buffer overflow Gerald Britton (Jun 27)
- Solaris Ping DOS - Best solution? Anton T. Rager (Jun 27)
- Re: smbmount buffer overflow Volker.Lendecke (Jun 28)
- BIND/iX updated to 8.1.1-REL production release Aleph One (Jun 28)
- ping exploit fATE 1997 BABY (Jun 28)
- sping binary fATE 1997 BABY (Jun 28)
- [ALERT] Another nuke. Aleph One (Jun 29)
- Re: [ALERT] Another nuke. Brian Mitchell (Jun 29)
- Re: Another nuke. Bob Tinsley (Jun 30)