Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

NOBO denial of service

From: gavina () RIVER IT GVSU EDU (Andrew J. Gavin)
Date: Thu, 4 Feb 1999 16:52:00 -0500

As reported by i-kran () USA NET approximately a week ago, nobo (a back
orifice scanning detector) has a buffer overflow problem that will crash
the program remotely.  Sending a UDP packet (larger than 1024 bytes) will
give the error:

A network error has ocurred: Message too long (10040-92)

Sending 15 of these packets (the minimum required) will crash nobo (stack
fault in kernel32.dll), with NOTHING recorded to the log file or to the
screen.

I tested this against nobo 1.2 from both Windows 98 and linux, giving the
same results.  Using 'assault' (included with the mIRC script "7th
sphere", I believe) in Windows, for example, I was able to send 15 UDP
packets at 1025 bytes in size, crashing my nobo.  In linux, I was able to
crash my nobo by echoing a string 1025 characters in length, piping it
through nc (with the -u flag), and repeating 14 more times.

I'm sure some nice scripts could be written to do this to a class C
subnet.  The only drawback to this is that it would be rather
bandwidth-intensive (15 x 1025 bytes x 255).

----------
gavina () river it gvsu edu
k3nny or ChazeFroy on Efnet IRC
Previous By Date Next
Previous By Thread Next

Current thread: