Vulnerability Development mailing list archives
Re: Serv-U 2.5i DoS
From: Sommer Ishay <ishaybas () NETVISION NET IL>
Date: Mon, 26 Feb 2001 14:23:03 +0200
Was the flooding done in remote? if so what was the connection speed between the 2 computers? And, is it possible that the resources usage was high due to messages being printed to console screen of the servu? Ishay
-----Original Message----- From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Steven, Bates Sent: Sunday, February 25, 2001 4:55 PM To: VULN-DEV () SECURITYFOCUS COM Subject: Serv-U 2.5i DoS Hi, I think I found another DoS issue in Serv-U 2.5i: I've downloaded the "Fixed" version of Serv-U yesterday. I installed it on one of my pc's and started %windir%\RSRCMTR.EXE to see how many resources are used when I flood it. Then I started to play around with the server: Ftp> open server Connected to server. 220 Serv-U FTP-Server v2.5i for WinSock ready... I coded a little java application which flooded the server with 0x00 chars, but at least that bug was fixed. So I tried other chars and found out, that 0xff was a good choice. The application just sends out 0xff chars in a never ending loop (I added a Counter to see how much chars are needed to block/crash it). char nuke=0xff; int Counter=0; while(true) { sout.print(nuke); Counter++; if(Counter%10000==0) System.out.println(Counter+" 0xff sent"); } I started it, and the resources got lower and lower. When about 290000 0xff chars were sent, there was a popup (I am sure every Win9x user saw it once) which said that 90% of the resources were already used, and that some programs should be closed. I tried to click the "OK" button, but the popup did not react. I also noticed that the mouse cursor was moving strange... I tried to login from an other pc: Ftp>open Server Connected to server. Connection closed by remote host. but as you can see, it did not work - the connection closed after the timeout. Then I stopped the java application with STRG-C, the resource icon became green, the popup dissappeared (it finally noticed that I had clicked on it) and the server was working fine again. While writing this, I was testing the flooder, but after seeing the popup on the screen, I forgot to stop the flooder. When I finally noticed that, I stopped it - it had already sent about 2,5 Million 0xff chars to the server. I tried to connect to the ftpd, but I couldn't - I was connected and immediatley(!) disconnected. I tested it again, but this only works sometimes, i have now idea why. I do not know why the server acts like this, but this issue should really should be fixed. !! THE FLOODER DOES NOT WORK, IF THE SERV-U ICON IS JUST IN THE TRAY, YOU NEED TO SEE THE LOGGING SCREEN !! !! I was only able to repoduce this behaviour on Win95, on Win98 it did not seem to do anything !! [Craig] http://www.HaQuarter.De/
Current thread:
- Serv-U 2.5i DoS Steven, Bates (Feb 25)
- Re: Serv-U 2.5i DoS Sommer Ishay (Feb 26)