Bugtraq mailing list archives
Re: 1+2=3, +++ATH0=Old school DoS
From: toasty () HOME DRAGONDATA COM (Kevin Day)
Date: Mon, 28 Sep 1998 04:49:14 -0500
On Sun, 27 Sep 1998, Brett Glass wrote:Today, it's rare to find a modem that responds to the attack unless there happens to be a long pause in the data stream after the "+++"....Therefore, this DoS attack isn't a big deal. It's easily preventable, rarely effective, and relatively harmless (all you have to do, if it hits, is redial). --Brett GlassI have tested this out here locally, as well as with the help from a few other people onlin and it seems that 6 of 9 modems have been affected. I would hardly call that 'rarely effective', relatively harmless yes, but it seems to be a large percentage. I am interested to see more results as too how wide spread this is. (all tests were done using ping -p 2b2b2b415448300d host ) kill9
In doing some testing here on willing victims.... 30% seemed vulnerable with the ping -p attack. For IRC users: //raw NOTICE ToastyMan : $+ $chr(1) $+ PING +++ATH0 $+ $chr(1) (in mirc) Also seems to work, and will work through bnc's or whatever proxy you are going through, since it's part of the irc protocol..... This only worked on one user though. So far, A/Open(acer) 56k's were the most common modem that was vulnerable. (3 of the 6 tested that were vulnerable were using those modems) I'm working on a 'For Dummies' program that will scan your system for modems, and ATZ ATS2=255&W Hopefully this'll be fixed. I'll release it tommorow, and post it here if Aleph doesn't mind. Kevin Day DragonData
Current thread:
- 1+2=3, +++ATH0=Old school DoS Max Schau (Sep 27)
- Re: 1+2=3, +++ATH0=Old school DoS Brett Glass (Sep 27)
- Re: 1+2=3, +++ATH0=Old school DoS kill9 (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS Kevin Day (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS Ross Wheeler (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS kill9 (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS *unknown* (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS Jason (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS Tudor Bosman (Sep 28)
- <Possible follow-ups>
- Re: 1+2=3, +++ATH0=Old school DoS Daniel Hauck (Sep 27)
- Re: 1+2=3, +++ATH0=Old school DoS Pete Gonzalez (Sep 27)
- Re: 1+2=3, +++ATH0=Old school DoS John M. Flinchbaugh (Sep 28)
- SHADOW group research indicates distributed probes and attacks Patrick Oonk (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS Adrian Gonzalez (Sep 28)
- Modem ATH0 thread route () RESENTMENT INFONEXUS COM (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS John M. Flinchbaugh (Sep 28)
(Thread continues...)
- Re: 1+2=3, +++ATH0=Old school DoS Brett Glass (Sep 27)