Bugtraq mailing list archives

Re: More oshare testing.

From: jroberson () CHESAPEAKE NET (Jeff Roberson)
Date: Wed, 3 Feb 1999 23:30:05 -0500


The ethernet adapter is on a completely different layer from IP, so I
doubt the netcard has much to do with the attack.  Also, I notice in the
original email, the author claims that the attack wont work if your not
on the same segment.  This is simply because the packet's source address is
1.1.1.1, so most routers will drop this packet.  Finally, could
people be more specific when they post about crashes?  By this I mean,
what patches they have installed, what network protocols/services/and
adapters they have?  This information might be usefull in understanding
who this bug really affects.

Jeff

On Tue, 2 Feb 1999, C.J. Oster wrote:

While testing the oshare attack a little more, I have found something that
you may find interresting.  Here at the university, many people are
running the same installation of windows, ie off of the same cd, same
patches, etc.  The differences in behavior seem to be due to the type of
network card installed in the machine.  Here is a VERY small list.

win95 is broken and bluescreens all the time.

win98 with the following network cards...

LinkSys ISA (ne2000 chipset): Spontaneous Reboot.
LinkSys PCI (ne2000):         Blue Screen
3c509 (ISA):                  Blue Screen
3c590 (PCI):                  Some Blue Screens, others Hang
3c905 (PCI):                  Hangs until packets stop comming, then
                              complete wakup.

I wasn't able to test macs because we have so few here, but the two I did
test either froze completly or had no effect.  Results were not
consistent.

So the question now is "Is oshare a hardware driver problem and not a
winsock bug?"

-CJO-

                C.J. Oster (Linux Guru/Surge Addict)
------------------------------------------------------------------
| cjo () pobox com   |   910 S. 3rd St, #1218  |      CCSO, WSG, UIUC  |
| oster () uiuc edu  |   Champaign, IL 61820   |      1443 DCL, Urbana |
------------------------------------------------------------------
                 (580)761-6393 (217)328-8934
      "Linux, for people with an IQ above 98" - Bumper Sticker
 "Hm, a little big for a cup holder... Why does it say '4x' on it?"

Current thread:

No Security is Bad Security: John \ (Feb 02)
- More oshare testing. C.J. Oster (Feb 02)
  - Re: More oshare testing. Jeff Roberson (Feb 03)
    - Re: No Security is Bad Security: com-nospam () CCRAIG ORG (Feb 04)
    - Re: More oshare testing. Alan Cox (Feb 04)
    - Re: More oshare testing. Cristiano Lincoln Mattos (Feb 05)
  - Re: More oshare testing. Dariusz Zmokly (Feb 04)
- Re: No Security is Bad Security: Kevin Day (Feb 02)
  - Re: No Security is Bad Security: Jan B. Koum (Feb 03)
    - Re: No Security is Bad Security: Russell Fulton (Feb 04)
- Re: No Security is Bad Security: ecx (Feb 04)
- Update on w00w00 article (bug report) Shok (Feb 04)
- <Possible follow-ups>
- Re: No Security is Bad Security: Donald Moore (Feb 04)

(Thread continues...)