Bugtraq mailing list archives
Re: Lynx/MSIE denial-of-service
From: blizzard () APPLIEDTHEORY COM (Christopher Blizzard)
Date: Mon, 10 Mar 1997 23:29:34 -0500
In message <Pine.BSI.3.95.970310144258.7182A-100000 () l0pht com>, Doctor Who writes:
:Many systems run a service called "chargen" on port 19. It simply
:generates a never-ending stream of characters.
:
:If an MSIE or Lynx user connects to a chargen, the browser will act as
:though viewing a file of infinite length. This has caused a modem
:connection to drop using MSIE, and slowed a Linux system using lynx to a
:crawl due to exhaustion of memory. Both processes were aborted before any
:further damage was caused.
:
:A URL such as http://localhost:19 could cause the "flooding" damage to a
:system running lynx and chargen to occur almost instantly, because the
:characters would of course come at a much higher speed.
:
:Netscape Navigator disallows access to port 19. This is probably the best,
:easiest fix to this problem. Further work should be done to figure out
:what other services could cause problems.
:
:The CHARGEN service has other security implications and should be turned
:off in normal system operation.
:

You can also create a serious DOS attack when this is combined with a proxy
server. Using the URL:

http://some.proxy.host/http://some.host.on.the.local.lan:19/

can bring some machines to a screaming halt.

--Chris

------------
Christopher Blizzard
AppliedTheory Communications, Inc.
blizzard () appliedtheory com
------------
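
Added example, not part of the original post or thread: a sketch of the two defenses the messages point to, refusing fetches to small-service ports such as chargen (as Netscape does for port 19) and capping how much of a response is buffered, applied also to the proxy-style URL quoted above. The ports other than 19, the 1 MiB limit, and all function and class names are assumptions for illustration.

```python
import itertools
from urllib.parse import urlsplit

# Assumed policy for this sketch; only port 19 comes from the thread.
BLOCKED_PORTS = {7: "echo", 9: "discard", 13: "daytime", 19: "chargen"}
MAX_BODY_BYTES = 1 << 20  # hypothetical 1 MiB ceiling per response

class FetchRefused(Exception):
    pass

def check_target(url):
    """Return (host, port) if the URL may be fetched, else raise FetchRefused."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise FetchRefused("not a fetchable http(s) URL: %r" % url)
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        raise FetchRefused("malformed port in %r" % url)
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port in BLOCKED_PORTS:
        raise FetchRefused("port %d (%s) is blocked" % (port, BLOCKED_PORTS[port]))
    return parts.hostname, port

def check_proxy_request(url):
    """For the http://proxy/http://target form, vet the inner target too."""
    check_target(url)
    inner = urlsplit(url).path.lstrip("/")
    return check_target(inner)

def read_bounded(stream, limit=MAX_BODY_BYTES, chunk=4096):
    """Read until EOF; abort instead of buffering more than `limit` bytes."""
    buf = bytearray()
    while True:
        data = stream.read(min(chunk, limit + 1 - len(buf)))
        if not data:
            return bytes(buf)
        buf += data
        if len(buf) > limit:
            raise FetchRefused("response exceeded %d bytes" % limit)

class EndlessStream:
    """Constructed stand-in for a chargen-like peer: read() never hits EOF."""
    def __init__(self):
        self._chars = itertools.cycle(bytes(range(33, 127)))
    def read(self, n):
        return bytes(itertools.islice(self._chars, n))
```

The port check alone does not help when some other service streams without end, which is why the size cap is applied independently of it.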