Bugtraq mailing list archives
Re: Denial of Service Attacks INFO
From: matt () ott opcom ca (Matthew Harding)
Date: Thu, 23 May 1996 10:55:10 -0400
Fred Cohen wrote:
UDP Bomb - By sending a UDP packet with incorrect information in the header, some Sun-OS 4.1.3 Unix boxes will panic and then reboot.

Anyone willing to say _what_ this magic incorrect information is? I'd much rather not have to take the time to grab the patch, uncompile both it and the file(s) it replaces, and try to figure it out from there.

For example:
from-IP=127.0.0.1
to-IP=target
Packet type: UDP
from UDP port 7 (echo)
to UDP port 7 (echo)

On a similar note, a more practical example is that this condition will occur if any NFS request (mount, getattr, etc. etc.) has the source IP field set to 127.0.0.1. This can happen in certain circumstances - I believe there is a patch for HP/UX 9.x under certain platforms that prevents this specific condition from occurring. (Any HP that mounts a SunOS 4.1.x server could cause it to crash merely by mounting it!)

If anyone is feeling frisky, start playing with a SunOS box and try injecting spurious IP packets onto the wire... since SunOS doesn't have the nifty DLPI interface that Solaris has, it is probably susceptible to many, many similar attacks using the standard IP stack.

On a related note, does everyone know of the /dev/openprom problem under SunOS??? Any unprivileged user can crash the system using /dev/openprom... the difference between this and the above problem is that there is no patch for this one :-). (Email for details if you would like to know more).

Cheers,
Matthew (matt () ott opcom ca)
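Added example, not part of the original message or of any vendor patch: a filter-side check that flags the two conditions described above, a 127.0.0.0/8 source address arriving on a non-loopback interface (which covers both the UDP and the NFS case) and UDP traffic from port 7 to port 7. The function names, the interface names "lo" and "eth0", and the 192.0.2.x sample addresses are assumptions made for the illustration.

```python
import ipaddress
import struct

ECHO_PORT = 7  # UDP echo service, as named in the message above


def sample_packet(src, dst, sport, dport, payload=b""):
    """Build constructed sample input: a minimal IPv4+UDP packet, checksums zero."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + udp


def inspect_packet(raw, ingress_iface):
    """Return a list of findings for one raw IPv4 packet seen on ingress_iface."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return ["malformed: not a complete IPv4 header"]
    ihl = (raw[0] & 0x0F) * 4  # header length in bytes
    if ihl < 20 or len(raw) < ihl:
        return ["malformed: bad IPv4 header length"]
    findings = []
    src = ipaddress.IPv4Address(raw[12:16])
    # A loopback source must never arrive from the wire (assumed loopback name: "lo").
    if src.is_loopback and ingress_iface != "lo":
        findings.append(f"martian: loopback source {src} on {ingress_iface}")
    if raw[9] == 17:  # protocol 17 = UDP
        if len(raw) < ihl + 8:
            findings.append("malformed: truncated UDP header")
        else:
            sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
            if sport == ECHO_PORT and dport == ECHO_PORT:
                findings.append("udp echo-to-echo: port 7 -> port 7")
    return findings


if __name__ == "__main__":
    # Constructed samples: one matching the description above, one ordinary query.
    samples = {
        "described": sample_packet("127.0.0.1", "192.0.2.10", 7, 7),
        "ordinary": sample_packet("192.0.2.20", "192.0.2.10", 40000, 53),
    }
    for name, pkt in samples.items():
        print(name, inspect_packet(pkt, "eth0") or "no findings")
```

A packet with any finding would be dropped and logged at the border or host filter before it reaches the IP stack.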