nanog mailing list archives
[no subject]
From: Gus Huber <gus () pbx org>
Date: Thu, 16 Apr 1998 15:15:19 -0500 (CDT)
While reading threads on the list I'm cc'ing this message to, I thought of a similar attack to smurf, that could be a problem based on SMURF attacks. ICMP isn't the only services that can be potentialy exploited via his bug, UDP could be a huge player too. For example those of you familiar with SMB might be able to deduce what I am getting at. Just a little test I did today. dialin:> nmblookup -B broadcast.mydomain.com \* <hidden to protect the innocent> Well then I went to my packet loging facilities. Since the class c that I send the broadcast was primarily windows machines I got approximately 200 replys to this one udp packet. It seems to me that this could be allmost as big of a player as smurf if executed tactfuly. Some common UDP services can be fooled into sending back many more packets than you send in, especialy on windows machines. I sent this to this list in hopes it would be dealt with before widespread exploit of it could take place. Gus Huber <gus () pbx org>
Current thread:
- Private routes advertised administrator (Apr 16)
- Re: Private routes advertised Randy Bush (Apr 16)
- Re: Private routes advertised Sam Critchley (Apr 16)
- Re: Private routes advertised Sam Critchley (Apr 16)
- Re: Private routes advertised Alex P. Rudnev (Apr 16)
- Re: Private routes advertised Michael Dillon (Apr 16)
- Re: Private routes advertised Alex P. Rudnev (Apr 16)
- [no subject] Gus Huber (Apr 16)
- Re: your mail Craig A. Huegen (Apr 16)
- Re: Private routes advertised Scott Weeks (Apr 16)
- <Possible follow-ups>
- Re: Private routes advertised administrator (Apr 16)