Bugtraq mailing list archives
Re: Win98 Crash?
From: route () RESENTMENT INFONEXUS COM (route () RESENTMENT INFONEXUS COM)
Date: Tue, 26 Jan 1999 13:41:36 -0800
[dorqus maximus wrote]
|
| This oshare.c code may have crashed our Checkpoint Firewall-1, version 3.0b,
| Build Number: 3083. (Sun Sparc, Solaris 2.5.1)

Sending 10,000 (not really -- see below) of these `oshare` packets failed to
do anything to the following machines:

OpenBSD 2.4
FreeBSD 3.0
Solaris 2.7
Linux 2.1.124 SMP
Windows 98

A cursory glance at the code reveals two noteworthy things:

1. There is no pause during packet injection. This results in a large
   amount of dropped packets. Your results will vary, but on my 100Mb
   ethernet, I saw about a 30% - 40% packet loss.

2. The packet is built inside a 40 byte buffer, yet is assigned a size of
   44 bytes (and a header length of 44 bytes). The checksum is also computed
   across this phantom 44 byte size. When injecting into the network,
   however, only the original 40 bytes are written (anything larger, of
   course, would likely end up SIGSEGVing). The end result is a bad checksum
   on the other end.

Finally, in closing, allow me to shamelessly plug libnet. Again. Libnet,
simply put, is a C library for portable packet creation. The above `exploit`
under libnet, can be rewritten portably in minutes. Beyond that (especially
when combined with libpcap) it can be used to build powerful network
applications without worrying about low-level packet interface nuances. Soon
to be released version .10 offers numerous bug and portability fixes, several
new utility and packet building modules, as well as additions to the FreeBSD
and OpenBSD Ports collection.

http://www.infonexus.com/~daemon9/Libnet

--
I live a world of paradox... My willingness to destroy is your chance for
improvement, my hate is your faith -- my failure is your victory, a victory
that won't last.
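The length/checksum mismatch described in point 2 of the post above, modelled in a self-contained C program. This is an added example, not code from the post and not oshare.c itself: it constructs its own 40-byte IP+TCP SYN header (addresses, ports and the 0xdeadbeef bytes standing in for whatever sits after the buffer are all assumptions for the demo) and uses a plain RFC 1071 checksum. build_packet(mem, 40, 20) is the correct case; build_packet(mem, 44, 44) sets the total length and IHL to 44 and checksums over 44 bytes while only 40 ever reach the wire, so the sender's own check passes but the receiver's does not.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REAL_BUF 40   /* what the packet buffer really holds: 20-byte IP + 20-byte TCP header */
#define PHANTOM   4   /* bytes past that buffer which a 44-byte length drags into the checksum */

/* RFC 1071 Internet checksum over len bytes; a trailing odd byte is padded with zero. */
uint16_t in_cksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    while (len > 1) {
        sum += (uint32_t)((buf[0] << 8) | buf[1]);
        buf += 2;
        len -= 2;
    }
    if (len)
        sum += (uint32_t)(buf[0] << 8);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/*
 * Sender side. mem must hold REAL_BUF + PHANTOM bytes; the caller decides what
 * the PHANTOM bytes contain (they stand in for whatever follows the buffer in
 * memory). tot_len goes into the IP total-length field, hlen sets IHL and is
 * the span the header checksum is computed over. (40, 20) is correct;
 * (44, 44) reproduces the mismatch described in the post. Returns the number
 * of bytes that actually reach the wire, which is always the real buffer size.
 */
size_t build_packet(uint8_t *mem, size_t tot_len, size_t hlen)
{
    uint8_t *ip = mem, *tcp = mem + 20;
    uint16_t ck;

    memset(mem, 0, REAL_BUF);                 /* only the real buffer is cleared */
    ip[0] = (uint8_t)(0x40 | (hlen / 4));     /* version 4, IHL in 32-bit words */
    ip[2] = (uint8_t)(tot_len >> 8);
    ip[3] = (uint8_t)(tot_len & 0xff);
    ip[8] = 64;                               /* TTL */
    ip[9] = 6;                                /* protocol: TCP */
    memcpy(ip + 12, "\x0a\x00\x00\x01", 4);   /* 10.0.0.1 -> 10.0.0.2, constructed addresses */
    memcpy(ip + 16, "\x0a\x00\x00\x02", 4);

    tcp[0] = 0x04; tcp[1] = 0xd2;             /* source port 1234 */
    tcp[3] = 0x50;                            /* destination port 80 */
    tcp[12] = 0x50;                           /* data offset: 5 words */
    tcp[13] = 0x02;                           /* SYN */
    tcp[14] = 0x20;                           /* window 0x2000 */

    ck = in_cksum(ip, hlen);                  /* hlen == 44 reads PHANTOM bytes beyond the buffer */
    ip[10] = (uint8_t)(ck >> 8);
    ip[11] = (uint8_t)(ck & 0xff);
    return REAL_BUF;
}

/* Receiver side: 0 if the header is complete and its checksum verifies,
   -1 if the claimed header length exceeds what arrived, -2 on a bad checksum. */
int receiver_verdict(const uint8_t *wire, size_t wire_len)
{
    size_t hlen;
    if (wire_len < 20)
        return -1;
    hlen = (size_t)(wire[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > wire_len)
        return -1;
    return in_cksum(wire, hlen) == 0 ? 0 : -2;
}

/* One round trip: fill the simulated stale memory after the buffer (0xdeadbeef
   is an assumption for the demo), build the packet, return what hit the wire. */
static size_t run_case(uint8_t *mem, size_t tot_len, size_t hlen)
{
    memcpy(mem + REAL_BUF, "\xde\xad\xbe\xef", PHANTOM);
    return build_packet(mem, tot_len, hlen);
}

/* 1 if the sender's own check, over the length it believes in, passes. */
int sender_self_check(size_t tot_len, size_t hlen)
{
    uint8_t mem[REAL_BUF + PHANTOM];
    run_case(mem, tot_len, hlen);
    return in_cksum(mem, hlen) == 0;
}

/* 1 if the checksum verifies over the part of the claimed header that was really sent. */
int wire_checksum_ok(size_t tot_len, size_t hlen)
{
    uint8_t mem[REAL_BUF + PHANTOM];
    size_t n = run_case(mem, tot_len, hlen);
    size_t claimed = (size_t)(mem[0] & 0x0f) * 4;
    return in_cksum(mem, claimed < n ? claimed : n) == 0;
}

/* The receiver's verdict on the bytes that were really sent. */
int wire_verdict(size_t tot_len, size_t hlen)
{
    uint8_t mem[REAL_BUF + PHANTOM];
    size_t n = run_case(mem, tot_len, hlen);
    return receiver_verdict(mem, n);
}

int main(void)
{
    printf("correct (len 40, hlen 20): sender ok=%d wire ok=%d verdict=%d\n",
           sender_self_check(40, 20), wire_checksum_ok(40, 20), wire_verdict(40, 20));
    printf("oshare  (len 44, hlen 44): sender ok=%d wire ok=%d verdict=%d\n",
           sender_self_check(44, 44), wire_checksum_ok(44, 44), wire_verdict(44, 44));
    return 0;
}
```

The correct case verifies at both ends. In the (44, 44) case the sender's checksum still verifies over its own 44 bytes, because it includes the four phantom bytes, but the 40 bytes on the wire do not sum to zero, and a receiver that checks IHL against the received length rejects the packet before it even gets that far; either way the target never processes a well-formed header, which is why a bad checksum rather than a crash is the expected outcome on the machines listed.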
Current thread:
- IE4 Persistent Connection Bug Joel Moses (Jan 22)
- Re: IE4 Persistent Connection Bug Drazen Kacar (Jan 24)
- Re: IE4 Persistent Connection Bug Justin Dolske (Jan 25)
- IIS - reproduction... Pete Juvinall (Jan 25)
- Win98 crash? DEF CON ZERO WINDOW (Jan 24)
- Re: Win98 Crash? dorqus maximus (Jan 25)
- Re: Win98 Crash? Bruno Coelho (Jan 26)
- Software Inertia Nate Lawson (Jan 26)
- Re: Win98 Crash? Vanja Hrustic (Jan 26)
- Re: Win98 Crash? route () RESENTMENT INFONEXUS COM (Jan 26)
- Re: Win98 crash? Robbert Muller (Jan 27)
- Re: Win98 Crash? dorqus maximus (Jan 25)
- Re: IE4 Persistent Connection Bug Drazen Kacar (Jan 24)