UPNP Denial of Service

["Gabriel Maggiotti" <gmaggiotti () biycsa com ar>]

We develop a code baseline to test the UPNP DOS. The dos consists in
sending a udp packet to port 1900 with a NOTIFY request. This request
has a URL that XP uses to open a tcp connection. The XP does not
sanitize this request so whatever URL and port could be specified. Once
the tcp connection is opened, a chargen code fills the XP memory and the
machine gets into an unstable state with a 100% of cpu utilization. 
Gabriel Maggiotti, Fernando Oubiña

 <<chargen.c>>  <<upnp_udp.c>>

Attachment: chargen.c
Description: chargen.c

Attachment: upnp_udp.c
Description: upnp_udp.c