Bugtraq mailing list archives
Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability
From: labs () USSRBACK COM (Ussr Labs)
Date: Wed, 15 Dec 1999 13:03:43 -0300
Yes, that is true, it affects more than War FTP, but it does not affect many others like Vermillion FTP or Serv-U. The D.o.S program makes a connection flood to War FTP, and War FTP stops responding while the DoS program is running and in the moment after the DoS program. I tested it on the 14 machines in our labs, on several Windows systems (Win 95, Win 98, Win NT Workstation, Win NT Server), and on all of these War FTP stops responding, unlike Serv-U, Vermillion FTP, IIS 4.0, IIS 3.0. That flood affects many unprotected programs. And yes, you need a fast link because each connection sends 57 bytes of random data.

u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h
http://www.ussrback.com

-----Original Message-----
From: Tim [mailto:yardley () uiuc edu]
Sent: Wednesday, December 15, 1999 12:16 PM
To: Ussr Labs
Cc: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability

Maybe I am missing something, but after looking at the ASM code that ussr provided, it seems as if they are just doing a standard "connection flood". I see absolutely nothing significant or specific to WarFTPD here. The same type of attack would affect any number of FTP servers when done from a fast enough link.

In other words, the good ole' hose + a tiny fragment of code to actually send a username/pass is all that is needed to duplicate this. The only denial of service I see here is a "max connections" problem. This would be harder to combat if the attack came from random IPs... but that is not the case in this instance.

So, did I miss something in this case?

/tmy

At 06:41 PM 12/14/1999, Ussr Labs wrote:
> Strange, nobody reported this problem, only you :(. The War FTP daemon stops responding when it receives lots of incoming connections; the program does not CRASH, it just stops responding.
>
> u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h
> http://www.ussrback.com
>
> -----Original Message-----
> From: Malartre [mailto:malartre () videotron ca]
> Sent: Tuesday, December 14, 1999 8:46 PM
> To: Ussr Labs
> Cc: BUGTRAQ () SECURITYFOCUS COM
> Subject: Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability
>
> Ussr Labs wrote:
> > Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability
>
> I am personally not able to reproduce this on my computer. I was using the program on the same computer that war-ftpd is. It's a Pentium 200 with win95b, no firewalls, nothing special. My cable-modem connection was down during the use of the program, but this is because I was flooding myself. After a minute or two, I closed the program and my connection was back and War FTP was ok.
>
> Thank You
> --
> [Malartre][malartre () videotron ca]

--
Diving into infinity my consciousness expands in inverse proportion
to my distance from singularity
+-------- ------- ------ ----- ---- --- -- ------ --------+
| Tim Yardley (yardley () uiuc edu)
| http://www.students.uiuc.edu/~yardley/
+-------- ------- ------ ----- ---- --- -- ------ --------+
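
The "max connections" point in the thread above, shown from the server side as an added example (not code from any poster in this thread or from War FTP Daemon). It replays a constructed connection sequence against a global connection limit with and without a per-source cap; the limits (50 total, 5 per address) and the addresses are assumptions chosen for illustration.

```python
from collections import Counter

class Admission:
    """Accept-time policy: a global slot limit plus an optional per-source cap."""

    def __init__(self, max_total, max_per_ip=None):
        self.max_total = max_total
        self.max_per_ip = max_per_ip
        self.open_conns = Counter()  # source address -> open connections

    def accept(self, ip):
        if sum(self.open_conns.values()) >= self.max_total:
            return False  # pool exhausted: every new client is refused
        if self.max_per_ip is not None and self.open_conns[ip] >= self.max_per_ip:
            return False  # this source already holds its share of slots
        self.open_conns[ip] += 1
        return True


def served(policy, sources):
    """Replay connection attempts in order; count accepted connections per source."""
    accepted = Counter()
    for ip in sources:
        if policy.accept(ip):
            accepted[ip] += 1
    return accepted


# Constructed sample: one address opens 200 connections and never closes them,
# then five ordinary clients each try to connect once (documentation ranges).
NOISY = "198.51.100.7"
CLIENTS = ["192.0.2.%d" % n for n in range(1, 6)]
ATTEMPTS = [NOISY] * 200 + CLIENTS

global_only = served(Admission(max_total=50), ATTEMPTS)
with_cap = served(Admission(max_total=50, max_per_ip=5), ATTEMPTS)

if __name__ == "__main__":
    for name, result in (("global limit only", global_only),
                         ("with per-source cap", with_cap)):
        ok = sum(1 for ip in CLIENTS if result[ip])
        print("%-20s noisy=%3d  clients served=%d/%d"
              % (name, result[NOISY], ok, len(CLIENTS)))
```

A per-source cap only helps while the connections come from one address, which is the case described in this thread.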