Re: various *lame* DoS attacks

[puppet () DYNAMSOL COM (puppet)]

On Fri, 6 Nov 1998 01:46:17 -0600, you wrote:

The problem with a timeout not shutting down the port was fixed almost a
month ago.  Spoofing is always a problem, that is why the script was
written such that channel takeovers are not possible.

puppet

> 2) CPU DoS against NukeNabber (NT only?)
>
> I haven't tested this on anything other than Windows NT 4.0 SP3
> (Workstation & Server)
>
> How it works:
>
> NukeNabber listens on several ports for connections.  You can configure it
> to listen on any port, but the standards are 1080, etc.
> If you telnet to the port of a machine that NukeNabber is listening on,
> NukeNabber apparently spawns a process called Report.exe.  This process
> lasts anywhere from 30-90 seconds, and consumes ~100% CPU.  The problem
> with this is fairly obvious.  (note: when connecting to a port that
> NukeNabber is listening on, it's important that you don't type anything.
> Just let the connection sit and time out.)
>
> Fix:
>
> Unsure
>
> Has the author been notified?
>
> Yes, about 6 weeks ago.  I received no reply.
>
>
> While we're on the subject of NukeNabber, I'll point something else out.
> NukeNabber has a nifty feature that establishes a DDE link with an IRC
> client. (mIRC or pirch)  There are scripts written for both clients that
> have the option to kick/ban any host found to be "nuking" from all the
> channels that you're oped in, and can also /ignore them.  This can become
> interesting when someone has a version of WinNuke that can spoof a source
> IP.  If a person has the kick/ban/ignore feature active, you can turn them
> against the people in their channels quite easily.  Again, lots of fun to
> be had here. (I believe the only "nuke" that NukeNabber listens for is a
> WinNuke.)

---
Get NukeNabber 2.9a & The Cleaner 1.9d @ http://www.dynamsol.com/puppet/
Read the NN FAQ @ http://www.dynamsol.com/puppet/faqs/nnfaq.html
PGP Key ID: B4066BF1 Fingerprint: FF3E 9A24 E08C 69BB C318  F702 FBCF 3DC4 B406 6BF1