Bugtraq mailing list archives
Re: Guntella Built-in DoS
From: Walker Traylor <wtraylor () professionalsites com>
Date: Thu, 6 Sep 2001 18:26:27 -0400 (EDT)
Slightly more (and slightly old) info on using Gnutella in a DoS: http://www.aciri.org/vern/papers/reflectors.CCR.01/

--Walker
On Thu, 6 Sep 2001, Robert Stoll wrote:

Hello all,

I found what I believe may be a built-in DoS of sorts in Gnutella. For
<snip>
The problem is that the software has no way of verifying what values the user has set, which of course can lead to mischief. I can set the advertised IP address and port to arbitrary numbers and the result will be that the target machine will be bombarded with hundreds of inbound TCP connections from Gnutella clients looking for information. Do this with enough clients and you have a re-incarnation of the old Smurf attack.

As of this writing, I have verified this with the Gnotella and LimeWire clients. I will be testing other clients as well but I am confident they will work the same way.

Bob...
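A victim-side detection sketch for the flood described above, as an added example that is not part of the original posts: it flags a destination that receives Gnutella connection openings from many distinct sources within a short window. The log tuple layout, thresholds and sample records are constructed assumptions; the two payload prefixes are the Gnutella 0.4 handshake and download request lines.

```python
from collections import defaultdict, deque

# First line a Gnutella 0.4 servent sends on a new TCP connection:
# the peer handshake, or an HTTP-style download request.
GNUTELLA_PREFIXES = ("GNUTELLA CONNECT/", "GET /get/")
WINDOW_SECONDS = 60        # hypothetical tuning value
MIN_DISTINCT_SOURCES = 5   # hypothetical tuning value

# Constructed sample records (not real traffic):
# (epoch seconds, source IP, destination IP, destination port, first payload line)
SAMPLE_EVENTS = (
    # Servents contacting a web server that runs no Gnutella software.
    [(1000 + 4 * i, f"198.51.100.{i + 1}", "203.0.113.10", 80,
      "GNUTELLA CONNECT/0.4") for i in range(4)]
    + [(1020, "198.51.100.50", "203.0.113.10", 80, "GET /get/12/song.mp3/ HTTP/1.0"),
       (1025, "198.51.100.51", "203.0.113.10", 80, "GET /get/7/file.txt/ HTTP/1.0")]
    # Ordinary web requests to the same server: ignored by the detector.
    + [(1000 + i, f"192.0.2.{i + 1}", "203.0.113.10", 80, "GET / HTTP/1.0")
       for i in range(10)]
    # A genuine servent whose peers arrive slowly: stays below the threshold.
    + [(1000 + 100 * i, f"198.51.100.{i + 100}", "203.0.113.20", 6346,
        "GNUTELLA CONNECT/0.4") for i in range(6)]
)

def is_gnutella_opening(first_line):
    """True if the first payload line looks like a Gnutella servent opening."""
    return first_line.startswith(GNUTELLA_PREFIXES)

def detect_reflection(events, window=WINDOW_SECONDS, threshold=MIN_DISTINCT_SOURCES):
    """Return {(dst_ip, dst_port): (time threshold was first met, peak distinct sources)}."""
    recent = defaultdict(deque)   # target -> (timestamp, source) pairs inside the window
    alerts = {}
    for ts, src, dst, dport, first_line in sorted(events):
        if not is_gnutella_opening(first_line):
            continue
        q = recent[(dst, dport)]
        q.append((ts, src))
        while ts - q[0][0] > window:      # expire entries older than the window
            q.popleft()
        distinct = len({s for _, s in q})
        if distinct >= threshold:
            first_ts, peak = alerts.get((dst, dport), (ts, 0))
            alerts[(dst, dport)] = (first_ts, max(peak, distinct))
    return alerts

if __name__ == "__main__":
    for target, (when, peak) in detect_reflection(SAMPLE_EVENTS).items():
        print(f"possible Gnutella reflection at {target}: t={when}, {peak} sources")
```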