Bugtraq mailing list archives
Re: Denial of service attack against tcpdump
From: scut () NB IN-BERLIN DE (Sebastian)
Date: Wed, 3 May 2000 21:51:05 +0200
On Tue, May 02, 2000 at 07:46:33PM -0400, bretonh () PARANOIA PGCI CA wrote:
> Greetings.
Hi.
> There is a way to disable tcpdump running on a remote host. By sending a carefully crafted UDP packet on the network which tcpdump monitors, it is possible, under certain circumstances, to make tcpdump fall into an infinite loop.
[...]
> If this jump offset is set to its own location and if a program trying to decompress the domain name does not have any type of counter or strategy to avoid infinite loops, then the program will jump to the same offset in the packet over and over again.
Known issue for about one year now. There are several other methods to take tcpdump down, two others with domain names (zlip*.c) and one with IP header length fiddling. A detailed description + exploits were posted already on bugtraq, though at that time tcpdump had no maintainer and there was no fix issued. Also Ethereal and other sniffers are affected by this.
> Cheers, Hugo Breton bretonh () pgci ca
ciao,
scut / teso
--
- scut () nb in-berlin de - http://nb.in-berlin.de/scut/ --- you don't need a --
-- lot of people to be great, you need a few great to be the best ------------
http://3261000594/scut/pgp - 5453 AC95 1E02 FDA7 50D2 A42D 427E 6DEF 745A 8E07
-- data in VK/USA Mayfly experienced, awaiting transfer location, hi echelon -
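Added example, not part of the original post and not tcpdump's own code: a DNS name decompressor with the kind of counter the quoted report says is missing, so a compression pointer that targets its own offset is rejected instead of being followed forever. The function name `dns_expand_name` and the cap of 16 pointer jumps are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME  255  /* RFC 1035 limit on a name */
#define DNS_MAX_JUMPS 16   /* assumed cap on compression pointers followed */

/* Expand the (possibly compressed) name at msg[off] into out as dotted text.
 * Returns the text length, or -1 on truncated, looping or oversized input. */
int dns_expand_name(const uint8_t *msg, size_t msglen, size_t off,
                    char *out, size_t outlen)
{
    size_t n = 0;
    int jumps = 0;

    for (;;) {
        if (off >= msglen) return -1;
        uint8_t len = msg[off];
        if ((len & 0xC0) == 0xC0) {             /* compression pointer */
            if (off + 1 >= msglen) return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[off + 1];
            /* A pointer to itself or forward is rejected outright; the
             * jump cap bounds loops that pass through labels first. */
            if (target >= off || ++jumps > DNS_MAX_JUMPS) return -1;
            off = target;
            continue;
        }
        if (len & 0xC0) return -1;              /* reserved label types */
        if (len == 0) break;                    /* root label: name ends */
        if (off + 1 + len > msglen || n + len + 2 > outlen ||
            n + len + 1 > DNS_MAX_NAME)
            return -1;
        if (n > 0) out[n++] = '.';
        memcpy(out + n, msg + off + 1, len);
        n += len;
        off += 1 + (size_t)len;
    }
    if (n >= outlen) return -1;
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample: 12-byte header, then a pointer to its own offset. */
    uint8_t msg[14] = {0};
    char name[256];
    msg[12] = 0xC0; msg[13] = 0x0C;
    printf("%d\n", dns_expand_name(msg, sizeof msg, 12, name, sizeof name));
    return 0;
}
```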