Bugtraq mailing list archives
Re: Annex DoS
From: matt () saratoga its bond edu au (Matt Carter)
Date: Sun, 26 Jul 1998 18:45:44 +1000
i made a post about some time ago. a simple 'strobe' will bring a bay terminal server crashing to it's knees. i notified bay years ago .. hell lets go something even simpler. 1 x 32k ping packet ever second at a annex will crush it. so, maybe you have something a bit beefier (i'm looking at micro annex els) fire 2 x 32k packets. gee that was difficult. admittedly, i haven't been up to date on the bay annex stuff, so maybe they fixed it.. but i never eever heard anything back from them so.. On Sat, 25 Jul 1998, Albert Nubdy wrote:
From: Albert Nubdy <formatez () EDUREDES EDU DO>
To: BUGTRAQ () NETSPACE ORG
Date: Sat, 25 Jul 1998 20:10:21 -0400
Subject: [BUGTRAQ] Annex DoS
Message-ID: <Pine.LNX.3.96.980725200936.6869A-100000 () eduredes edu do>
-----BEGIN PGP SIGNED MESSAGE-----
Redes2 Security Team
--------------------
.DO Underground
PROBLEM
=======
We have found serveral DoS attacks agaisnt Annex terminal servers
from
xylogics(bay).
DETAILS
=======
The first attack is about the ping program on the webserver. They
designed the /ping program to take only 64 chars in the hostname part.
They avoided from ppl to insert more than 64 by limiting it in the
page on
the webserver (/ping.html). But if you do a :
http://annex.server.here/ping?query=a lot of aaaaaa's here(more than
64)
then annex server goes BOOM!.
The second attack is with the land attack. Maybe when they tried the
land attack on the annex servers they thought it didn't work. But it
does... The problem is that when you do 1 land attack the CPU only
rises a
50 percent. Now if you do 2 land attacks consecutively then the annex
server freezes because the CPU rises to 100%. I didn't make any
programs
for this because you only have to do a shell script that executes your
land program at least two or three times.
FIX
===
We notified Bay a month ago. They have not responded yet.
Credits:
wh0is, speed1, lizard.
========================================|
Albert Nubdy | formatez () eduredes edu do |
FormateZ@undernet |
- ----------------------------------------|
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
iQA/AwUBNbqefVRmALifgPyqEQIvLACeOPojXC2FqVgsO688XIBGINVNEDMAnR5r
WpUM+RDMkvaCMEmMkzqVNt5h
=HPOk
-----END PGP SIGNATURE-----
-- Matt Carter | Systems Management Group Email: matt () bond edu au | Bond University Phone: +61 7 5595 1423 | University Drive Fax: +61 7 5595 1456 | Robina, QLD 4226
Current thread:
- smal bug in icmpinfo, (continued)
- smal bug in icmpinfo Adrian Dabrowski (Jul 26)
- Re: smal bug in icmpinfo Rich Lafferty (Jul 26)
- smal bug in icmpinfo Adrian Dabrowski (Jul 26)
- CFINGERD root security hole John Goerzen (Jul 23)
- Re: CFINGERD root security hole Roscinante (Jul 24)
- Microsoft Security Bulletin (MS98-006) Aleph One (Jul 24)
- SECURITY: new ncurses packages twiztah (Jul 24)
- FW: Microsoft Security Bulletin (MS98-007) MacGyver (Jul 24)
- Microsoft Security Bulletin (MS98-007) Aleph One (Jul 25)
- Alert: New Source Bug Affect Sun JWS Aleph One (Jul 25)
- Annex DoS Albert Nubdy (Jul 25)
- Re: Annex DoS Matt Carter (Jul 26)
- Security warning: Netscape https & proxies Henrik Nordstrom (Jul 26)
- Another NEW mIRC bug and ALL mIRC Exploit patches Derek Reynolds (Jul 24)
- Re: Another NEW mIRC bug and ALL mIRC Exploit patches Mike Zimmerman (Jul 25)
- small bug in 5/98 distribution Sun 4070627 Lloyd Vancil (Jul 24)
- Re: small bug in 5/98 distribution Sun 4070627 Eugene Bradley (Jul 24)
- Re: small bug in 5/98 distribution Sun 4070627 Brandon Hume (Jul 26)
- Re: small bug in 5/98 distribution Sun 4070627 Casper Dik (Jul 27)
- FW: Alert: Arbitrary code execution via email or news Patrick Oonk (Jul 27)
- ISS Security Advisory -- MS Exchange 5.x Jon Larimer (Jul 27)
- [ NT SECURITY ALERT ] New Local GetAdmin Exploit MJE (Jul 27)
- Re: small bug in 5/98 distribution Sun 4070627 Eugene Bradley (Jul 24)