Vulnerability Development mailing list archives

Re: ping -i (TTL) Vulnerability

From: Niels Vaes <nielzthabeast () HOTMAIL COM>
Date: Wed, 21 Feb 2001 21:30:41 +0100

I've tried this option on both Win 2k and Windows 98 and it did not work.
I just get an error that the values for "-i" must be between 1 and 255.
So other Windows machines are not vulnerable, at least, that's what I've
discovered with the tests on my system.

  --ViviX--





------------------------------------------------------------------------
A funny (local and possibly remote too) bug in command.com.

If you set the -i option (TTL) to 0, in a ping, a funny bug gets triggered
that'll wh00p your CPU Usage to 100%. That is if you also set the -t option
(Ping the specified host until interrupted). Your command.com shell will get
flooded with "Bad option specified" messages. In example: a normal ping -t
would put your CPU usage to about 3%. When you're done (Ctrl-c) and you want
to close your command.com you'll get the following message: "This Windows
application cannot respond to the End Task request. It may be busy, waiting
for a response from you, or it may have stopped executing". This indicates
that its still busy on the background, I could not discover with what.

Try it:  C:\>ping -t 127.0.0.1 -i 0
That should do the trick.

This is tested from NT4 Workstation, Service Pack 4.

No doubt this bug should also be able to be triggered from a remote location
and cause panic on your network/servers. We're also pretty sure that this
bug should be able to cause way more hav0c. As matter of fact we're
performing tests as we speak. Care to help us out? Mail us your suggestions
at:

Special_Projects () cazzz demon nl  (The Lab)

Industrial_Strength () cazzz demon nl  (The Exploiters)

Another fine Planet Cazzz Production/Advisory, in assosiation with The
Nations Top. We cannot be held responsible for your actions, but you can
try. PCP/A #0002 (pr0ph).

We want to say hell0 to all the Crackers, the Hackers and the Phreax. We
want to say hell to all the people in this place. We want to say hell0 to
all the Sinners and 31337. We say hell0 to all the people in the world...



-No Strezzz Cazzz, Powered By UN0X =]

If TCP/IP is the Pavement, HTTP is Cazzzoline...

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Current thread:

ping -i (TTL) Vulnerability -No Strezzz Cazzz (Feb 21)
- Re: ping -i (TTL) Vulnerability Damian Menscher (Feb 21)
- Re: ping -i (TTL) Vulnerability Jason Witty (Feb 21)
- Re: ping -i (TTL) Vulnerability Weiss, Bill (Feb 21)
- Re: ping -i (TTL) Vulnerability erasor (Feb 21)
- Re: ping -i (TTL) Vulnerability Knud Erik Højgaard - CyberCity Support (Feb 22)
- <Possible follow-ups>
- Re: ping -i (TTL) Vulnerability Jeff Oliver (Feb 21)
- Re: ping -i (TTL) Vulnerability Niels Vaes (Feb 21)
- Re: ping -i (TTL) Vulnerability Mark Villanova (Feb 21)
- Re: ping -i (TTL) Vulnerability Leo R. Lundgren (Feb 21)
- Re: ping -i (TTL) Vulnerability Reverend Lola (Feb 21)
  - Re: ping -i (TTL) Vulnerability rpc (Feb 22)
- Re: ping -i (TTL) Vulnerability Reddog Hummer (Feb 22)
- Re: ping -i (TTL) Vulnerability -No Strezzz Cazzz (Feb 22)
  - Remote vs Local vulnerabilities (Was: Re: [VULN-DEV] ping -i (TTL) Vulnerability) syzop (Feb 23)
    - Re: Remote vs Local vulnerabilities (Was: Re: [VULN-DEV] ping -i (TTL) Vulnerability) Ryan Permeh (Feb 23)