Nmap Announce mailing list archives
(local?) linux DoS using nmap
From: "cami" <cami () dockside co za>
Date: Thu, 3 Jun 1999 06:22:50 +0200
Good day.. I appologize if this is old but seems still to be working/active on my own server. (slackware 4.0.0). I would be interested to know which other distro's this works against. Tested against: slackware 4.0.0 debian 2.1 Redhat 6.0 I became aware of this when local users begun to launch DoS attacks. kernel:~$ nmap 127.[0-255].[0-255].[0-255] -p 21 -sT Starting nmap V. 2.12 by Fyodor (fyodor () dhp com, www.insecure.org/nmap/) Interesting ports on localhost (127.0.0.1): Port State Protocol Service 21 open tcp ftp Interesting ports on (127.0.0.2): Port State Protocol Service 21 open tcp ftp <snip> and it keeps going untill the +/-280th packet.. <snip> Interesting ports on (127.0.1.32): Port State Protocol Service 21 open tcp ftp No ports open for host (127.0.1.33) No ports open for host (127.0.1.34) No ports open for host (127.0.1.35) etc.. etc.. <snip> I havent tested it on remote machines, but this looks like a tcp/syn flood? Anyhow, local users can shutdown any local daemon running on any port. (apache was the only service that remaining running.) The rest of the other services became unusable/(dead?). Any ideas how one could prevent this? Sorry again if this is old. Regards hotmetal of (src) hotmetal () hack co za ( www.hack.co.za ) (e x p l o i t m a t r i x) (world domination in progress)
Current thread:
- (local?) linux DoS using nmap cami (Jun 02)
- Re: (local?) linux DoS using nmap Mr. Man (Jun 02)
- Re: (local?) linux DoS using nmap Vidyut Luther (Jun 03)
- <Possible follow-ups>
- Re: (local?) linux DoS using nmap cami (Jun 03)
- Re: (local?) linux DoS using nmap Lamont Granquist (Jun 03)
- Re: (local?) linux DoS using nmap Ken Williams (Jun 05)
- Re: (local?) linux DoS using nmap moses (Jun 06)
- Re: (local?) linux DoS using nmap Mr. Man (Jun 02)