Bugtraq mailing list archives
Lynx/MSIE denial-of-service
From: drwho () L0PHT COM (Doctor Who)
Date: Mon, 10 Mar 1997 15:05:20 -0500
Some people may think of this as simple or old hat, but I find it quite surprising that this is possible. Many systems run a service called "chargen" on port 19. It simply generates a never-ending stream of characters. If an MSIE or Lynx user connects to a chargen, the browser will act as though viewing a file of infinite length. This has caused a modem connection to drop using MSIE, and slowed a Linux system using lynx to a crawl due to exhaustion of memory. Both processes were aborted before any further damage was caused. A URL such as http://localhost:19 could cause the "flooding" damage to a system running lynx and chargen to occur almost instantly, because the characters would of course come at a much higher speed. Netscape Navigator disallows access to port 19. This is probably the best, easiest fix to this problem. Further work should be done to figure out what other services could cause problems. The CHARGEN service has other security implications and should be turned off in normal system operation. -----------=?> Doctor Who <?=----------- http://L0pht.com/~drwho "The Guilty Have No Past" http://L0pht.com/radiophone cellular and pager hacking info http://www.sinister.com
Current thread:
- Re: Bug in connect() ? Frank Hofmann (Mar 07)
- Re: Bug in connect() ? Frank Hofmann (Mar 10)
- Lynx/MSIE denial-of-service Doctor Who (Mar 10)
- Re: Lynx/MSIE denial-of-service Christopher Blizzard (Mar 10)
- SGI Security Advisory 19970301-01-P - IRIX 5.x and 6.x fsdump Aleph One (Mar 10)
- xterm segfaults from environment variables - too obvious David Luyer (Mar 10)
- Secuirty Hole In Older Perl Installs... Ken Robson (Mar 11)
- Re: xterm segfaults from environment variables - too obvious Alex Belits (Mar 11)
- Division of Privilege (DoP) - Potential Security Vulnerability Aleph One (Mar 11)
- runpipe v1.2 with security hole fix Aleph One (Mar 11)