Vulnerability Development mailing list archives
Re: Win2k & Linux DoS
From: Vitaly McLain <twistah () DATASURGE NET>
Date: Fri, 25 Aug 2000 23:41:01 -0500
Hi,

I've played around with Bubonic.c and I have a few comments. First of all, you should really test it over the Internet (or another WAN) and not a LAN. This crashing may be due to an overload that will not occur over the Net (or you will need some really good bandwidth to accomplish it.) What I am basically saying is we need to find out if this is a flaw in Win2k TCP/IP stack or if it's just an issue similar to a ping flood.

I did run a few tests with Bubonic. Over my 100mbps network, I flooded my Windows NT 4.0 Workstation (SP5) box using:

    bizkit:~# ./bubonic 192.168.1.2 192.168.1.23 1000 100000
    Bubonic -- sil () antioffline com Finding host AntiOffline -- Putting the Hero in Heroin

The NT box is an AMD K6-2 400mhz / 64mb of RAM and the worst that did was raise the CPU usage to around 6%.

Here is where it gets a little interesting. Setting the source address to the same IP as the dest IP (192.168.1.2 in this case) makes the flood more intense. My hub goes to around 25% utilization AND my CPU goes from 15% to 30% (it fluctuates). However it does not crash, and no real slowdown is observed (though it would be more effective on slower systems.)

My suspicion is that your crash happened due to an overload because of the flood. I've managed to accomplish the same thing before. I compiled an old piece of source found on Packetstorm: killsentry.c. It is designed to send FIN packets from basically every IP and simulate a portscan (thus Abacus PortSentry would auto-block the entire Net). Anyway, that's not the point. On a box without PortSentry, killsentry.c slowed it down significantly. But this is just because it was a giant flood, and not a hole in the TCP/IP implementation. I think the same thing is happening here.

I could be wrong ;-)

Vitaly McLain
twistah () datasurge net

Hmm, $10 says I'll get at least 7 Out-of-Office replies...