Bugtraq mailing list archives

Re: Denial of service attack against tcpdump

From: don () MAINFRAME DGRC CRC CA (Donald McLachlan)
Date: Sun, 7 May 2000 11:29:04 -0400


It is not the -n option which defeats dnsloop.c, but the -q option.
running:

        > tcpdump -n host XXX
        tcpdump: listening on hme0

and then from host XXX running dnsloop against that host:

        ./dnsloop YYYY
        dnsloop.c by Hugo Breton (bretonh () pgci ca)
        packet sent to host YYYY

tcpdump reports:

        11:23:33.553624 142.92.38.51.35520 > 142.92.38.223.53: 61094 A?

and is hung.  When they say quiet mode, that means with the -q option.
when run with the -q option tcpdump reports:

        11:26:16.417969 XXX.35521 > YYYY.domain: udp 18 (DF)

and does not hang.  Problem is you loose most of the useful TCP decoding.
Note the lack of TCP flags, ack and window info.

        11:26:15.053723 YYYY.1022 > XXX.login: tcp 1 (DF)
        11:26:15.054333 XXX.login > YYYY.1022: tcp 1 (DF)

Don

Current thread:

Re: Denial of service attack against tcpdump bretonh () PARANOIA PGCI CA (May 06)
- <Possible follow-ups>
- Re: Denial of service attack against tcpdump Donald McLachlan (May 07)