Bugtraq mailing list archives
Re: Nobo and Netbuster Dos
From: flaviovs () CENTROIN COM BR (Flavio Veloso)
Date: Thu, 21 Jan 1999 18:58:30 -0200
On Wed, 20 Jan 1999, Wolfgang Gassner wrote: Important notice: I will talk only about NOBO since it is my project.
Simply send Big Udp Packets to eg. Port 31337 and Mr. Nobo will see a Big error message at each Packet!!!
I could not reproduce the error here. I tried to send UDP packets ranging from 1 byte to the biggest allowable size on my BSD system, and in all cases NOBO gave no "Big" error message, but only a warning telling me that an unknown packet was received. What is a "Big Udp Packet" for you? What program did you use to send such packet? What OS?
As Default Nobo only Logs on screen and not into file that means you can erase your Ping!!
The program will never log to a file unless the user configures it to do so. This is to prevent a real DoS attack (user's HD filling up when being flooded). Also, "erase your Ping" is nonsense. NOBO will show (and log to file, if configured) the IP address of any received packet. Of course, you can always spoof the source address. But this is not relevant since you can spoof a legitimate BO packet too. NOBO can't do anything to spoofed packet but act on it, since there's no easy way to detect the forgery.
I tested this on NT and W95 and after some time it will kill with a Overflow.
Can you give me more details about the crash? (Please, do not bother the nice bugtraq folks with this stuff -- mail me directly.) -- Flavio
Current thread:
- Re: Sendmail 8.8.x/8.9.x bugware, (continued)
- Re: Sendmail 8.8.x/8.9.x bugware Nic Bellamy (Jan 19)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race Luke Mewburn (Jan 20)
- Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
- Mirc 5.5 'DCC Server' hole Spikeman (Jan 24)
- Re: Mirc 5.5 'DCC Server' hole Sandro Jurado (Jan 26)
- Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Casper Dik (Jan 25)
- Announcement: Wietse's FTP site has moved Wietse Venema (Jan 25)
- Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
- Keeping Solaris up-to-date: summary John RIddoch (Jan 20)
- FW: Personal web server - Temporary Fix Ollie Whitehouse (Jan 20)
- Nobo and Netbuster Dos Wolfgang Gassner (Jan 20)
- Re: Nobo and Netbuster Dos Flavio Veloso (Jan 21)
- Quake 2 Server Crash Leif Sawyer (Jan 20)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race D. J. Bernstein (Jan 20)
- Sendmail 8.8.x/8.9.x bugware Gregory Neil Shapiro (Jan 20)
- CFP: New Security Paradigms Workshop 1999 Crispin Cowan (Jan 21)
- Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
- Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
- linux crashes irix6.3 Philipp Schott (Jan 22)
- Re: linux crashes irix6.3 J.A. Gutierrez (Jan 23)
- CERT Advisory CA-99.01 - TCP.Wrappers (fwd) //Stany (Jan 22)
- Misleading CERT Advisory CA-99-01-Trojan-TCP-Wrappers Jochen Thomas Bauer (Jan 22)