Bugtraq mailing list archives
Re: Denial of service attack against tcpdump
From: don () MAINFRAME DGRC CRC CA (Donald McLachlan)
Date: Sun, 7 May 2000 11:29:04 -0400
It is not the -n option which defeats dnsloop.c, but the -q option.

Running:

    > tcpdump -n host XXX
    tcpdump: listening on hme0

and then from host XXX running dnsloop against that host:

    ./dnsloop YYYY
    dnsloop.c by Hugo Breton (bretonh () pgci ca)
    packet sent to host YYYY

tcpdump reports:

    11:23:33.553624 142.92.38.51.35520 > 142.92.38.223.53: 61094 A?

and is hung.

When they say quiet mode, that means with the -q option. When run with the -q option tcpdump reports:

    11:26:16.417969 XXX.35521 > YYYY.domain: udp 18 (DF)

and does not hang.

Problem is you lose most of the useful TCP decoding. Note the lack of TCP flags, ack and window info.

    11:26:15.053723 YYYY.1022 > XXX.login: tcp 1 (DF)
    11:26:15.054333 XXX.login > YYYY.1022: tcp 1 (DF)

Don