Bugtraq mailing list archives

Re: Nobo and Netbuster Dos

From: flaviovs () CENTROIN COM BR (Flavio Veloso)
Date: Thu, 21 Jan 1999 18:58:30 -0200


On Wed, 20 Jan 1999, Wolfgang Gassner wrote:

Important notice: I will talk only about NOBO since it is my
project.

Simply send Big Udp Packets to eg. Port 31337 and Mr. Nobo will see
a Big error message at each Packet!!!


I could not reproduce the error here. I tried to send UDP packets
ranging from 1 byte to the biggest allowable size on my BSD system,
and in all cases NOBO gave no "Big" error message, but only a warning
telling me that an unknown packet was received.

What is a "Big Udp Packet" for you? What program did you use to send
such packet? What OS?

As Default Nobo only Logs on screen and not into file that means
you can erase your Ping!!


The program will never log to a file unless the user configures it to
do so. This is to prevent a real DoS attack (user's HD filling up when
being flooded).

Also, "erase your Ping" is nonsense. NOBO will show (and log to file,
if configured) the IP address of any received packet.

Of course, you can always spoof the source address. But this is not
relevant since you can spoof a legitimate BO packet too. NOBO can't do
anything to spoofed packet but act on it, since there's no easy way to
detect the forgery.

I tested this on NT and W95 and after some time it will kill with
a Overflow.


Can you give me more details about the crash? (Please, do not bother
the nice bugtraq folks with this stuff -- mail me directly.)

--
Flavio

Current thread:

Re: Sendmail 8.8.x/8.9.x bugware, (continued)
- Re: Sendmail 8.8.x/8.9.x bugware Nic Bellamy (Jan 19)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race Luke Mewburn (Jan 20)
  - Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
    - Mirc 5.5 'DCC Server' hole Spikeman (Jan 24)
    - Re: Mirc 5.5 'DCC Server' hole Sandro Jurado (Jan 26)
    - Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Casper Dik (Jan 25)
    - Announcement: Wietse's FTP site has moved Wietse Venema (Jan 25)
- Keeping Solaris up-to-date: summary John RIddoch (Jan 20)
- FW: Personal web server - Temporary Fix Ollie Whitehouse (Jan 20)
- Nobo and Netbuster Dos Wolfgang Gassner (Jan 20)
  - Re: Nobo and Netbuster Dos Flavio Veloso (Jan 21)
- Quake 2 Server Crash Leif Sawyer (Jan 20)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race D. J. Bernstein (Jan 20)
- Sendmail 8.8.x/8.9.x bugware Gregory Neil Shapiro (Jan 20)
  - CFP: New Security Paradigms Workshop 1999 Crispin Cowan (Jan 21)
  - Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
    - Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
    - linux crashes irix6.3 Philipp Schott (Jan 22)
    - Re: linux crashes irix6.3 J.A. Gutierrez (Jan 23)
    - CERT Advisory CA-99.01 - TCP.Wrappers (fwd) //Stany (Jan 22)
    - Misleading CERT Advisory CA-99-01-Trojan-TCP-Wrappers Jochen Thomas Bauer (Jan 22)

(Thread continues...)