Bugtraq mailing list archives
UPNP Denial of Service
From: "Gabriel Maggiotti" <gmaggiotti () biycsa com ar>
Date: Wed, 9 Jan 2002 10:56:51 -0300
We develop a code baseline to test the UPNP DOS. The dos consists in sending a udp packet to port 1900 with a NOTIFY request. This request has a URL that XP uses to open a tcp connection. The XP does not sanitize this request so whatever URL and port could be specified. Once the tcp connection is opened, a chargen code fills the XP memory and the machine gets into an unstable state with a 100% of cpu utilization. Gabriel Maggiotti, Fernando OubiƱa <<chargen.c>> <<upnp_udp.c>>
Attachment:
chargen.c
Description: chargen.c
Attachment:
upnp_udp.c
Description: upnp_udp.c
Current thread:
- UPNP Denial of Service Gabriel Maggiotti (Jan 09)
- Re: UPNP Denial of Service Patrick Chambet (Jan 10)