Bugtraq mailing list archives

Re: Denial of service attack against tcpdump

From: gerald () ZING ORG (Gerald Combs)
Date: Wed, 3 May 2000 22:15:13 -0500


On Tue, 2 May 2000 bretonh () PARANOIA PGCI CA wrote:

Greetings.

There is a way to disable tcpdump running on a remote host.  By sending a
carefully crafted UDP packet on the network which tcpdump monitors, it is
possible, under certain circonstances, to make tcpdump fall into an infinite
loop.


A fix for this is in the current tcpdump CVS tree at www.tcpdump.org, but
it doesn't appear to be in the 3.5 alpha release.  This has also been
fixed in the latest version of Ethereal (0.8.7).

Current thread:

Re: pam_console bug, (continued)
- - - Re: pam_console bug Michal Zalewski (May 04)
- Re: Wemilo daedalus (May 02)
- Possible issue with Cisco on-line help? Fernando Montenegro (May 02)
  - Re: Possible issue with Cisco on-line help? Fernando Montenegro (May 04)
    - Re: Possible issue with Cisco on-line help? Lisa Napier (May 09)
- 4ward:It's a blue world! deepquest () NETSCAPE NET (May 02)
- Denial of service attack against tcpdump bretonh () PARANOIA PGCI CA (May 02)
  - Re: Denial of service attack against tcpdump antirez (May 03)
  - Re: Denial of service attack against tcpdump Sebastian (May 03)
  - Re: Denial of service attack against tcpdump Dragos Ruiu (May 03)
  - Re: Denial of service attack against tcpdump Gerald Combs (May 03)
  - "ILOVEYOU" virus analysis Steve Wolfe (May 04)
  - 2.2.14 Kernel exec/open bug (?) The Cr0W (May 05)
  - Re: Denial of service attack against tcpdump Hugo.van.der.Kooij () CAIW NL (May 09)
- glibc resolver weakness antirez (May 02)
  - Re: glibc resolver weakness Bennett Todd (May 03)
  - Re: glibc resolver weakness Valdis.Kletnieks () VT EDU (May 03)
  - Re: glibc resolver weakness Andrew Brown (May 03)
  - Cayman 3220-H DSL Router DOS cassius () HUSHMAIL COM (May 05)
- Fun with UltraBoard V1.6X rudi carell (May 03)
  - Fwd: tcpdump workaround against dnsloop exploit. THE INFAMOUS (May 03)

(Thread continues...)