Re: ping -i (TTL) Vulnerability

["Weiss, Bill" <bill_weiss () att net>]

-No Strezzz Cazzz(Butterphly6 () CAZZZ DEMON NL)@Wed, Feb 21, 2001 at 04:25:03AM -0000:
> A funny (local and possibly remote too) bug in command.com.
>
> If you set the -i option (TTL) to 0, in a ping, a funny bug gets triggered
> that'll wh00p your CPU Usage to 100%. That is if you also set the -t option
> (Ping the specified host until interrupted). Your command.com shell will get
> flooded with "Bad option specified" messages. In example: a normal ping -t
> would put your CPU usage to about 3%. When you're done (Ctrl-c) and you want
> to close your command.com you'll get the following message: "This Windows
> application cannot respond to the End Task request. It may be busy, waiting
> for a response from you, or it may have stopped executing". This indicates
> that its still busy on the background, I could not discover with what.
>
> Try it:  C:\>ping -t 127.0.0.1 -i 0
> That should do the trick.
>
> This is tested from NT4 Workstation, Service Pack 4.

C:\WINDOWS>ping -t 127.0.0.1 -i 0
Bad value for option -i, valid range is from 1 to 255.

That's from Win98 SE, with few updates (just reinstalled).