Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Lynx/MSIE denial-of-service

From: blizzard () APPLIEDTHEORY COM (Christopher Blizzard)
Date: Mon, 10 Mar 1997 23:29:34 -0500

In message <Pine.BSI.3.95.970310144258.7182A-100000 () l0pht com>, Doctor Who writ
es:
:Many systems run a service called "chargen" on port 19. It simply
:generates a never-ending stream of characters.
:
:If an MSIE or Lynx user connects to a chargen, the browser will act as
:though viewing a file of infinite length. This has caused a modem
:connection to drop using MSIE, and slowed a Linux system using lynx to a
:crawl due to exhaustion of memory. Both processes were aborted before any
:further damage was caused.
:
:A URL such as http://localhost:19 could cause the "flooding" damage to a
:system running lynx and chargen to occur almost instantly, because the
:characters would of course come at a much higher speed.
:
:Netscape Navigator disallows access to port 19. This is probably the best,
:easiest fix to this problem. Further work should be done to figure out
:what other services could cause problems.
:
:The CHARGEN service has other security implications and should be turned
:off in normal system operation.
:

You can also create a serios DOS attack when this is combined with a proxy
server.  Using the URL:

http://some.proxy.host/http://some.host.on.the.local.lan:19/

can bring some machines to a screaming halt.

--Chris

------------
Christopher Blizzard
AppliedTheory Communications, Inc.
blizzard () appliedtheory com
------------
Previous By Date Next
Previous By Thread Next

Current thread: