Vulnerability Development mailing list archives
Re: Naptha - New DoS
From: Mixter <mixter () 2XS CO IL>
Date: Fri, 8 Dec 2000 16:42:05 +0200
I personally find it a bit questionable to release such an advisory and give so little technical information about the vulnerability; how is anyone supposed to understand and protect against it then? Sounds to me like "we found the ultimate IP stack bug, be afraid, be very afraid, but no, we're not going to tell you more about it."

Anyways, I understand the Naptha vulnerability is caused by sending short packets, or parts of packets, that tell us they have a different internal / total length, belong to a different offset, and so on....?

With the very little information, I modified a test tool that uses semi-"random" packets to find IP stack vulnerabilities, to implement such things. I limited it to TCP since it looks like the vulnerability is specific to TCP or has more effect for TCP connections. Also, you can select a specific port.

This tool is just for testing, and only for Linux. Also, to get the "real" malicious data, you probably have to recompile your kernel (an appropriate patch is at the end of the source)...

I will personally test it later; without the IP stack patch I just got a lot of kernel error messages with it. Oh yeah, tcpdump didn't seem to parse some of the packets produced correctly, as shown below:

16:21:22.380013 > [|ip]
16:21:22.383177 > 75.241.52.119.42227 > 10.0.0.6.47024: SR 536870912:536870999(87) win 48451 urg 44971
16:21:24.235060 > [|tcp]
16:21:24.260242 > [|ip]
16:21:24.257134 > 255.76.14.98 > 10.0.0.6: (frag 7204:370@61792)
16:21:24.225623 > 244.62.155.55 > 10.0.0.6: (frag 1715:130@32)
16:21:24.310640 > [|tcp]

Any feedback welcome...

Mixter

-----------------------------------------------------------------
Mixter <mixter () 2xs co il>, Senior Security Engineer, www.2xss.com
2XS Ltd. - Taking full disclosure security to a new level.
-----------------------------------------------------------------
Attachment:
targa3-naptha.c
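
For triaging captures like the one quoted in the message, the following added example (not part of the original post and not taken from targa3-naptha.c) classifies each tcpdump text line by what makes it malformed: a truncated header, SYN combined with RST or FIN, a source in the reserved 240.0.0.0/4 block, or a non-first fragment whose first piece never appears. The finding names and the orphan-fragment heuristic are assumptions of this example; the sample input is the output quoted in the message.

```python
import ipaddress
import re

# The seven tcpdump lines quoted in the message, embedded so this runs offline.
SAMPLE = """\
16:21:22.380013 > [|ip]
16:21:22.383177 > 75.241.52.119.42227 > 10.0.0.6.47024: SR 536870912:536870999(87) win 48451 urg 44971
16:21:24.235060 > [|tcp]
16:21:24.260242 > [|ip]
16:21:24.257134 > 255.76.14.98 > 10.0.0.6: (frag 7204:370@61792)
16:21:24.225623 > 244.62.155.55 > 10.0.0.6: (frag 1715:130@32)
16:21:24.310640 > [|tcp]
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) > (.*)$")
TRUNC = re.compile(r"^\[\|(\w+)\]$")                    # [|ip], [|tcp]
ADDRS = re.compile(r"^(\S+) > ([^:\s]+): (.*)$")        # src > dst: body
FRAG = re.compile(r"\(frag (\d+):(\d+)@(\d+)\+?\)")     # id:len@offset[+]
FLAGS = re.compile(r"^([SFPR.]+) ")                     # TCP flag letters


def parse(line):
    """Return {ts, findings, frag} for one tcpdump text line, or None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m[1], "findings": [], "frag": None}
    if (t := TRUNC.match(m[2])):  # tcpdump could not decode a full header
        rec["findings"].append(f"truncated-{t[1]}")
        return rec
    if not (a := ADDRS.match(m[2])):
        return None
    src = ".".join(a[1].split(".")[:4])  # drop a trailing .port
    if ipaddress.ip_address(src).is_reserved:  # 240.0.0.0/4 source
        rec["findings"].append("reserved-source")
    if (f := FRAG.search(a[3])):
        frag_id, _length, off = (int(x) for x in f.groups())
        rec["frag"] = (src, frag_id, off)
    elif (fl := FLAGS.match(a[3])) and "S" in fl[1] and set("RF") & set(fl[1]):
        rec["findings"].append("syn-with-rst-or-fin")
    return rec

def triage(text):
    """Classify each line, then flag fragments whose first piece is absent."""
    recs = [r for r in map(parse, text.splitlines()) if r]
    firsts = {r["frag"][:2] for r in recs if r["frag"] and r["frag"][2] == 0}
    for r in recs:
        if r["frag"] and r["frag"][2] > 0 and r["frag"][:2] not in firsts:
            r["findings"].append("orphan-fragment")
    return [(r["ts"], r["findings"]) for r in recs]
```

Calling `triage(SAMPLE)` returns one `(timestamp, findings)` pair per line. An orphan-fragment finding can also mean the capture simply started after the first fragment, so treat it as a lead rather than a verdict.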