Bugtraq mailing list archives
Re: FTP denial of service attack
From: antirez () INVECE ORG (antirez () INVECE ORG)
Date: Tue, 7 Dec 1999 19:17:37 +0100
On Tue, Dec 07, 1999 at 11:29:56PM +1100, Darren Reed wrote:
Who has more free file descriptors & network ports, you or the ftp server ?
Using raw sockets it's possible to simulate a lot of descriptors/open ports. You just needs to drop outgoing RST in order to implement your ftpd-dos-oriented TCP/IP micro-stack with a minimal memory requirement. In a word: the attacker has more free file descriptors & network ports every times the exploit just do a simple operation such USER/PASS authentication. This isn't true only for this attack but for many others and results in the ability to perform this kind of DoS against a very big server using little resources. antirez
Current thread:
- Re: Big problem on linux 2.0, (continued)
- Re: Big problem on linux 2.0 Andrea Arcangeli (Dec 14)
- HP-UX: Security Vulnerability in wu-ftp Aleph One (Dec 13)
- From the SCO Security Page Alfred Huger (Dec 06)
- w00giving #8] Solaris 2.7's snoop Aleph One (Dec 06)
- Re: w00giving #8] Solaris 2.7's snoop Shane A. Macaulay (Dec 09)
- Clarification needed on the snoop vuln(s) Alfred Huger (Dec 09)
- FTP denial of service attack Darren Reed (Dec 07)
- Re: FTP denial of service attack Renaud Deraison (Dec 07)
- FTP DoS - PORT and PASV effected. Darren Reed (Dec 07)
- Re: FTP DoS - PORT and PASV effected. Henrik Nordstrom (Dec 09)
- Re: FTP denial of service attack Renaud Deraison (Dec 07)
- Re: FTP denial of service attack antirez () INVECE ORG (Dec 07)
- Re: FTP denial of service attack Dustin Miller (Dec 07)
- Re: FTP denial of service attack Hugo.van.der.Kooij () CAIW NL (Dec 08)
- Re: FTP denial of service attack Paulo Licio de Geus (Dec 09)
- [Debian] New version of htdig released Aleph One (Dec 10)
- Fundamental flaw in UnixWare 7 security Brock Tellier (Dec 10)
- Solaris sadmind Buffer Overflow Vulnerability Alfred Huger (Dec 10)
- Re: FTP denial of service attack bert hubert (Dec 07)
- Re: FTP denial of service attack antirez () INVECE ORG (Dec 09)
- Re: FTP denial of service attack Henrik Nordstrom (Dec 07)
- Re: FTP denial of service attack Darren Reed (Dec 07)