Vulnerability Development mailing list archives
Re: ping -i (TTL) Vulnerability
From: Damian Menscher <menscher () uiuc edu>
Date: Wed, 21 Feb 2001 14:19:59 -0600
On Wed, 21 Feb 2001, -No Strezzz Cazzz wrote:
A funny (local and possibly remote too) bug in command.com. If you set the -i option (TTL) to 0, in a ping, a funny bug gets triggered that'll wh00p your CPU Usage to 100%. That is if you also set the -t option (Ping the specified host until interrupted). Your command.com shell will get flooded with "Bad option specified" messages. In example: a normal ping -t would put your CPU usage to about 3%. When you're done (Ctrl-c) and you want to close your command.com you'll get the following message: "This Windows application cannot respond to the End Task request. It may be busy, waiting for a response from you, or it may have stopped executing". This indicates that its still busy on the background, I could not discover with what. Try it: C:\>ping -t 127.0.0.1 -i 0 That should do the trick. This is tested from NT4 Workstation, Service Pack 4.
Just a basic ping-flood on yourself. Yes, it raises load to 100%, but stops as soon as you press ^C (NT4 SP6).
No doubt this bug should also be able to be triggered from a remote location and cause panic on your network/servers. We're also pretty sure that this bug should be able to cause way more hav0c. As matter of fact we're performing tests as we speak. Care to help us out? Mail us your suggestions at:
No doubt that this would do absolutely nothing from a remote location. [ silly gr33tz snipped ] Damian Menscher -- --==## Grad. student & Sys. Admin. @ U. Illinois at Urbana-Champaign ##==-- --==## <menscher () uiuc edu> www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==-- --==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--
Current thread:
- ping -i (TTL) Vulnerability -No Strezzz Cazzz (Feb 21)
- Re: ping -i (TTL) Vulnerability Damian Menscher (Feb 21)
- Re: ping -i (TTL) Vulnerability Jason Witty (Feb 21)
- Re: ping -i (TTL) Vulnerability Weiss, Bill (Feb 21)
- Re: ping -i (TTL) Vulnerability erasor (Feb 21)
- Re: ping -i (TTL) Vulnerability Knud Erik Højgaard - CyberCity Support (Feb 22)
- <Possible follow-ups>
- Re: ping -i (TTL) Vulnerability Jeff Oliver (Feb 21)
- Re: ping -i (TTL) Vulnerability Niels Vaes (Feb 21)
- Re: ping -i (TTL) Vulnerability Mark Villanova (Feb 21)
- Re: ping -i (TTL) Vulnerability Leo R. Lundgren (Feb 21)
- Re: ping -i (TTL) Vulnerability Reverend Lola (Feb 21)
- Re: ping -i (TTL) Vulnerability rpc (Feb 22)
(Thread continues...)