Vulnerability Development mailing list archives
Naptha - New DoS
From: White Vampire <whitevampire () mindless com>
Date: Wed, 6 Dec 2000 23:34:39 -0500
Greetings, [ Misc Info ] I find it rather odd that this has yet to be mentioned on Bugtraq. I know of more than one person besides myself who has experienced some problems with this DoS since this advisory was released. I delayed mentioning it on this list because I figured someone from Razor would release it, or someone who was involved with the discovery. Various vendors are no doubt already coding like mad. I have disabled Keepalive in Apache (via 'Keepalive Off' in the configuration file) and changed the kernel timeouts, as recommended by the advisory. This will help some, but not enough. I hope to see complete fixes available soon, perhaps this will help kick-start it. Limiting public access to TCP daemons is also a way to help prevent attacks. [ Quick Summary ] Basically, it will leave a TCP connection on the target machine in a "certain state." The method discovered will exhaust resources on the target machine, whereas the originating machine will not be affected that greatly. Before such attacks were infeasible because the originating machine would also be affected. The target machine can be starved of resources to the point of failure. Some affected operating systems: * Novell's Netware 5.0 with sp1 (Will not recover) * Linux (2.2.x .. others ?) (Unknown.. can recover sometimes?) * FreeBSD 4.0-REL (Can recover in short period) * Possibly others.. it is a rather widespread problem. Unaffected operating systems: * OpenBSD seems to be unaffected * Windows 2000 seems to be unaffected For more information on NAPTHA visit: http://razor.bindview.com/publish/advisories/adv_NAPTHA.html [ Credit and Disclaimer ] An advisory was released by Razor on November 30th. I had not involvement with the discovery or release of this advisory. This e-Mail is simply a summary to help system administrators and other individuals who are interested or are experiencing problems learn about the attack. I shared my experiences and summarized some information from the advisory. I am just sharing the information. Good luck to the vendors, and good luck to the rest of the world. I sure have not had a fun time resulting these attacks. Regards, -- __ ______ ____ / \ / \ \ / / White Vampire\Rem \ \/\/ /\ Y / http://www.gammagear.com/ (Gear for the BOFH) \ / \ / http://www.webfringe.com/ \__/\ / \___/ http://www.gammaforce.org/ \/ "Silly hacker, root is for administrators."
Attachment:
_bin
Description:
Current thread:
- Naptha - New DoS White Vampire (Dec 08)
- Re: Naptha - New DoS Carl-Johan Bostorp (Dec 08)
- Re: Naptha - New DoS White Vampire (Dec 09)
- Message not available
- Re: Naptha - New DoS White Vampire (Dec 09)
- Re: Naptha - New DoS rpc (Dec 09)
- Re: Naptha - New DoS Sebastian (Dec 10)
- Re: Naptha - New DoS Damian Menscher (Dec 10)
- Re: Naptha - New DoS Filipe Almeida (Dec 16)
- Re: Naptha - New DoS Bruno Morisson (Dec 17)
- Re: Naptha - New DoS White Vampire (Dec 09)
- Re: Naptha - New DoS Carl-Johan Bostorp (Dec 08)
- Re: Naptha - New DoS Lincoln Yeoh (Dec 09)
- Re: Naptha - New DoS Michael H. Warfield (Dec 09)